| Risk Level | Number of Alerts |
|---|---|
|
High
|
2
|
|
Medium
|
8
|
|
Low
|
15
|
|
Informational
|
9
|
|
False Positives:
|
0
|
|
High |
Open Redirect |
|---|---|
| Description |
Open redirects are one of the OWASP 2010 Top Ten vulnerabilities. This check looks at user-supplied input in query string parameters and POST data to identify where open redirects might be possible. Open redirects occur when an application allows user-supplied input (e.g. https://nottrusted.com) to control an offsite redirect. This is generally a pretty accurate way to find where 301 or 302 redirects could be exploited by spammers or phishing attacks.
For example an attacker could supply a user with the following link: https://example.com/example.php?url=https://malicious.example.com.
|
| URL | https://public-firing-range.appspot.com/urldom/redirect?url=http://example.com |
| Method | GET |
| Parameter | url |
| Attack | |
| Evidence | |
| Other Info | The 301 or 302 response to a request for the following URL appeared to contain user input in the location header: https://public-firing-range.appspot.com/urldom/redirect?url=http://example.com The user input found was: url=http://example.com The context was: http://example.com |
| Instances | 1 |
| Solution |
To avoid the open redirect vulnerability, parameters of the application script/program must be validated before sending 302 HTTP code (redirect) to the client browser. Implement safe redirect functionality that only redirects to relative URI's, or a list of trusted domains
|
| Reference |
https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html
https://cwe.mitre.org/data/definitions/601.html |
| CWE Id | 601 |
| WASC Id | 38 |
| Plugin Id | 10028 |
|
High |
PII Disclosure |
|---|---|
| Description |
The response contains Personally Identifiable Information, such as CC number, SSN and similar sensitive data.
|
| URL | https://demo.guru99.com/payment-gateway/cardnumber.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | 4006840058034385 |
| Other Info | Credit Card Type detected: Visa Bank Identification Number: 400684 Brand: VISA Category: CLASSIC Issuer: ING BANK, A.S. |
| URL | https://demo.guru99.com/payment-gateway/cardnumber.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | 4600952493734873 |
| Other Info | Credit Card Type detected: Visa Bank Identification Number: 460095 Brand: VISA Category: Issuer: VICTORIABANK |
| URL | https://demo.guru99.com/payment-gateway/cardnumber.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | 4657307961433106 |
| Other Info | Credit Card Type detected: Visa Bank Identification Number: 465730 Brand: VISA Category: Issuer: |
| Instances | 3 |
| Solution |
Check the response for the potential presence of personally identifiable information (PII), ensure nothing sensitive is leaked by the application.
|
| Reference | |
| CWE Id | 359 |
| WASC Id | 13 |
| Plugin Id | 10062 |
|
Medium |
Absence of Anti-CSRF Tokens |
|---|---|
| Description |
No Anti-CSRF tokens were found in a HTML submission form.
A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.
CSRF attacks are effective in a number of situations, including:
* The victim has an active session on the target site.
* The victim is authenticated via HTTP auth on the target site.
* The victim is on the same local network as the target site.
CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.
|
| URL | http://localhost:8090/bodgeit/advanced.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="advanced" name="advanced" method="POST" onsubmit="return validateForm(this);false;"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "desc" "price" "product" "type" ]. |
| URL | http://localhost:8090/bodgeit/advanced.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="query" name="advanced" method="POST"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "q" ]. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "update" ]. |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="POST"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "password" "submit" "username" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=10 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=11 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=12 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=14 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=15 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=16 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=18 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=20 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=21 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=22 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=23 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=24 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=25 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=26 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=27 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=28 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=29 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=30 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=31 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=32 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=9 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "price" "productid" "quantity" "submit" ]. |
| URL | http://localhost:8090/bodgeit/register.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="POST"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "password1" "password2" "submit" "username" ]. |
| URL | http://localhost:8090/bodgeit/search.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <FORM name='query' method='GET'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "q" ]. |
| URL | https://demo.guru99.com/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form NAME="frmLogin" METHOD="POST" ACTION="index.php" onsubmit="return validateEmail();"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "btnLogin" "emailid" ]. |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form NAME="frmLogin" METHOD="POST" ACTION="index.php"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "btnLogin" "btnReset" "password" "uid" ]. |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/index.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form NAME="frmLogin" METHOD="POST" ACTION="index.php"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "btnLogin" "btnReset" "password" "uid" ]. |
| URL | https://demo.guru99.com/insurance/v1/header.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="logout.php" class="button_to" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "" ]. |
| URL | https://demo.guru99.com/insurance/v1/header.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form accept-charset="UTF-8" action="new_quotation.php" class="new_quotation" enctype="multipart/form-data" id="new_quotation" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "new_quote" "quotation[user_id]" "quotation_incidents" "quotation_vehicle_attributes_mileage" "quotation_vehicle_attributes_registration" "quotation_vehicle_attributes_value" "quotation_windscreenrepair_f" "quotation_windscreenrepair_t" "resetquote" "submit" "utf8" ]. |
| URL | https://demo.guru99.com/insurance/v1/header.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="retrieve_quotation.php" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "getquote" "id" ]. |
| URL | https://demo.guru99.com/insurance/v1/header.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form accept-charset="UTF-8" action="" class="edit_user" enctype="multipart/form-data" id="edit_user_" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 4: "_method" "commit" "user_address_attributes_city" "user_address_attributes_county" "user_address_attributes_id" "user_address_attributes_postcode" "user_address_attributes_street" "user_firstname" "user_licencetype_f" "user_licencetype_t" "user_phone" "user_surname" "utf8" ]. |
| URL | https://demo.guru99.com/insurance/v1/index.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form accept-charset="UTF-8" action="" method="post" id="login-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "email" "password" "submit" ]. |
| URL | https://demo.guru99.com/insurance/v1/register.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form accept-charset="UTF-8" action="" class="new_user" enctype="multipart/form-data" id="new_user" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "licencetype_f" "licencetype_t" "new_user" "resetform" "submit" "user_address_attributes_city" "user_address_attributes_county" "user_address_attributes_postcode" "user_address_attributes_street" "user_firstname" "user_phone" "user_surname" "user_user_detail_attributes_email" "user_user_detail_attributes_password" "user_user_detail_attributes_password_confirmation" "utf8" ]. |
| URL | https://demo.guru99.com/payment-gateway/check_credit_balance.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="check_credit_balance.php" name="fb2" onSubmit="return validate();"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "card_nmuber" "submit" ]. |
| URL | https://demo.guru99.com/payment-gateway/index.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="process_purchasetoy.php" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "" ]. |
| URL | https://demo.guru99.com/payment-gateway/process_purchasetoy.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="fbal" method="post" action="process_card.php" onSubmit="return validate();"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "card_nmuber" "cvv_code" "prices" "submit" ]. |
| URL | https://demo.guru99.com/payment-gateway/purchasetoy.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="process_purchasetoy.php" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "" ]. |
| URL | https://demo.guru99.com/Security/SEC_V1/index.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form NAME="frmLogin" METHOD="POST" ACTION="index.php"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "btnLogin" "btnReset" "password" "uid" ]. |
| URL | https://demo.guru99.com/selenium/facebook.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="login_form" action="https://web.archive.org/web/20130925210322/https://www.facebook.com/login.php?login_attempt=1" method="post" onsubmit="return window.Event && Event.__inlineSubmit && Event.__inlineSubmit(this,event)"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "default_persistent" "email" "lgnjs" "lgnrnd" "locale" "lsd" "pass" "persist_box" "u_0_a" "u_0_b" ]. |
| URL | https://demo.guru99.com/telecom/addcustomer.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="insertcustomer.php" onSubmit="return validatenewCust();"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "done" "email" "fname" "lname" "pending" "submit" "telephoneno" ]. |
| URL | https://demo.guru99.com/telecom/addtariffplans.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="addtariffplans.php" onSubmit="return validatenewCust();"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "inter_charges" "inter_minutes" "local_minutes" "minutes_charges" "rental1" "sms_charges" "sms_pack" "submit" ]. |
| URL | https://demo.guru99.com/telecom/assigntariffplantocustomer.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="assigntariffplantocustomer.php" onSubmit="return validatenewCust15();" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "customer_id" "submit" ]. |
| URL | https://demo.guru99.com/telecom/billing.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="billing.php" onSubmit="return validatenewCust15();" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "customer_id" "submit" ]. |
| URL | https://demo.guru99.com/test/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="birthdate.php" method="post" name="bdate" style="margin-left:50px;"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "bdaytime" ]. |
| URL | https://demo.guru99.com/test/ajax.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "buttoncheck" "no" "yes" ]. |
| URL | https://demo.guru99.com/test/ajax.html?name=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "buttoncheck" "no" "yes" ]. |
| URL | https://demo.guru99.com/test/autoit.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form class="jotform-form" action="https://submit.jotform.me/submit/71343664435457/" method="post" enctype="multipart/form-data" name="form_71343664435457" id="71343664435457" accept-charset="utf-8"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "formID" "input_3" "input_4" "input_5" "input_7" "input_7_0" "input_7_1" "input_7_2" "input_8" "other_7" "simple_spc" "website" ]. |
| URL | https://demo.guru99.com/test/cookie/selenium_aut.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form class="form-signin" action="selenium_cookie.php" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "password" "username" ]. |
| URL | https://demo.guru99.com/test/delete_customer.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form onsubmit="return confirm('Do you really want to delete this Customer?');" action="delete_customer.php" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cusid" "res" "submit" ]. |
| URL | https://demo.guru99.com/test/facebook.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="login_form" action="https://web.archive.org/web/20130925210322/https://www.facebook.com/login.php?login_attempt=1" method="post" onsubmit="return window.Event && Event.__inlineSubmit && Event.__inlineSubmit(this,event)"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "default_persistent" "email" "lgnjs" "lgnrnd" "locale" "lsd" "pass" "persist_box" "u_0_a" "u_0_b" ]. |
| URL | https://demo.guru99.com/test/flash-testing.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="controller" method="POST"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "Play" "Stop" "Zoomin" "Zoomout" ]. |
| URL | https://demo.guru99.com/test/guru99home/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="#" name="frm1" id="form" onsubmit="greeting()"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "philadelphia-field-email" ]. |
| URL | https://demo.guru99.com/test/image_upload/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form id="imageform" method="post" enctype="multipart/form-data" action='ajaximage.php'> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "photoimg" ]. |
| URL | https://demo.guru99.com/test/login.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="success.html" method="post" id="login_form" class="box"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "back" "email" "passwd" ]. |
| URL | https://demo.guru99.com/test/newtours/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="index.php" name="home" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "action" "password" "submit" "userName" ]. |
| URL | https://demo.guru99.com/test/newtours/index.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="index.php" name="home" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "action" "password" "submit" "userName" ]. |
| URL | https://demo.guru99.com/test/newtours/login.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="login.php" name="register"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "action" "password" "submit" "userName" ]. |
| URL | https://demo.guru99.com/test/newtours/register.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="register.php" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "address1" "city" "confirmPassword" "email" "firstName" "lastName" "mercury" "password" "phone" "postalCode" "state" "submit" "userName" ]. |
| URL | https://demo.guru99.com/test/newtours/reservation.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="reservation2.php" name="findflight"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "findFlights" "servClass" "tripType" ]. |
| URL | https://demo.guru99.com/test/upload/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="uploadform" onsubmit="return postIt();" action="/web/20141011154238/http://212.7.194.85/cgi-bin/upload.cgi?sid=225b7867d510426ed86e1dcd57df2c69&maxfilesize=206000000" method="post" target="uploadframe" enctype="multipart/form-data"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "AccessKey" "file_password_0" "flash_descr" "flash_password" "maxfilesize" "phpuploadscript" "returnurl" "sessionid" "uploadfile_0" "UploadSession" ]. |
| URL | https://demo.guru99.com/test/upload/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form name="emailform" action="emaillinks.php" method="post" target="emailframe"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "AccessKey" "terms" "uploadmode" "UploadSession" ]. |
| URL | https://demo.guru99.com/V1/index.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form NAME="frmLogin" METHOD="POST" ACTION="index.php"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "btnLogin" "btnReset" "password" "uid" ]. |
| URL | https://public-firing-range.appspot.com/angular/angular_body_raw_post/1.6.0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "q" ]. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/form |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="POST"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "q" ]. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_1" "quantity_14" "quantity_15" "quantity_2" "quantity_23" "quantity_24" "quantity_26" "quantity_4" "update" ]. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_10" "update" ]. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_11" "quantity_12" "quantity_16" "quantity_21" "quantity_25" "quantity_29" "quantity_30" "quantity_32" "update" ]. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_11" "quantity_16" "quantity_21" "quantity_25" "quantity_29" "quantity_30" "quantity_32" "update" ]. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_11" "quantity_16" "quantity_21" "quantity_25" "quantity_30" "quantity_32" "update" ]. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_13" "update" ]. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_14" "quantity_15" "quantity_2" "quantity_23" "quantity_24" "quantity_26" "update" ]. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_15" "quantity_24" "quantity_26" "update" ]. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_16" "quantity_21" "quantity_25" "quantity_30" "quantity_32" "update" ]. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_16" "quantity_21" "update" ]. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_17" "quantity_31" "update" ]. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_17" "quantity_8" "update" ]. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_18" "update" ]. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_19" "update" ]. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_20" "quantity_22" "update" ]. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_20" "update" ]. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_21" "update" ]. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_24" "quantity_26" "update" ]. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_27" "update" ]. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_28" "quantity_3" "update" ]. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_5" "update" ]. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_6" "update" ]. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_7" "update" ]. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "quantity_9" "update" ]. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="basket.jsp" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "update" ]. |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="POST"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "password" "submit" "username" ]. |
| URL | http://localhost:8090/bodgeit/register.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="POST"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "password1" "password2" "submit" "username" ]. |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/index.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form NAME="frmLogin" METHOD="POST" ACTION="index.php"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "btnLogin" "btnReset" "password" "uid" ]. |
| URL | https://demo.guru99.com/index.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form NAME="frmLogin" METHOD="POST" ACTION="index.php" onsubmit="return validateEmail();"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "btnLogin" "emailid" ]. |
| URL | https://demo.guru99.com/insurance/v1/header.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="logout.php" class="button_to" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "" ]. |
| URL | https://demo.guru99.com/insurance/v1/header.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form accept-charset="UTF-8" action="new_quotation.php" class="new_quotation" enctype="multipart/form-data" id="new_quotation" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "new_quote" "quotation[user_id]" "quotation_incidents" "quotation_vehicle_attributes_mileage" "quotation_vehicle_attributes_registration" "quotation_vehicle_attributes_value" "quotation_windscreenrepair_f" "quotation_windscreenrepair_t" "resetquote" "submit" "utf8" ]. |
| URL | https://demo.guru99.com/insurance/v1/header.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="retrieve_quotation.php" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 3: "getquote" "id" ]. |
| URL | https://demo.guru99.com/insurance/v1/header.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form accept-charset="UTF-8" action="" class="edit_user" enctype="multipart/form-data" id="edit_user_" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 4: "_method" "commit" "user_address_attributes_city" "user_address_attributes_county" "user_address_attributes_id" "user_address_attributes_postcode" "user_address_attributes_street" "user_firstname" "user_licencetype_f" "user_licencetype_t" "user_phone" "user_surname" "utf8" ]. |
| URL | https://demo.guru99.com/insurance/v1/index.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form accept-charset="UTF-8" action="" method="post" id="login-form"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "email" "password" "submit" ]. |
| URL | https://demo.guru99.com/insurance/v1/register.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form accept-charset="UTF-8" action="" class="new_user" enctype="multipart/form-data" id="new_user" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "licencetype_f" "licencetype_t" "new_user" "resetform" "submit" "user_address_attributes_city" "user_address_attributes_county" "user_address_attributes_postcode" "user_address_attributes_street" "user_firstname" "user_phone" "user_surname" "user_user_detail_attributes_email" "user_user_detail_attributes_password" "user_user_detail_attributes_password_confirmation" "utf8" ]. |
| URL | https://demo.guru99.com/payment-gateway/process_purchasetoy.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form name="fbal" method="post" action="process_card.php" onSubmit="return validate();"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "card_nmuber" "cvv_code" "prices" "submit" ]. |
| URL | https://demo.guru99.com/Security/SEC_V1/index.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form NAME="frmLogin" METHOD="POST" ACTION="index.php"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "btnLogin" "btnReset" "password" "uid" ]. |
| URL | https://demo.guru99.com/test/delete_customer.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form onsubmit="return confirm('Do you really want to delete this Customer?');" action="delete_customer.php" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cusid" "res" "submit" ]. |
| URL | https://demo.guru99.com/test/flash-testing.html |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form name="controller" method="POST"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "Play" "Stop" "Zoomin" "Zoomout" ]. |
| URL | https://demo.guru99.com/test/newtours/index.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="index.php" name="home" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "action" "password" "submit" "userName" ]. |
| URL | https://demo.guru99.com/test/newtours/login.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="login.php" name="register"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "action" "password" "submit" "userName" ]. |
| URL | https://demo.guru99.com/test/newtours/register.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="post" action="register.php" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "address1" "city" "confirmPassword" "email" "firstName" "lastName" "mercury" "password" "phone" "postalCode" "state" "submit" "userName" ]. |
| URL | https://demo.guru99.com/V1/index.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form NAME="frmLogin" METHOD="POST" ACTION="index.php"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "btnLogin" "btnReset" "password" "uid" ]. |
| URL | https://public-firing-range.appspot.com/angular/angular_body_raw_post/1.6.0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "q" ]. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/form |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form method="POST"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "q" ]. |
| Instances | 123 |
| Solution |
Phase: Architecture and Design
Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
For example, use anti-CSRF packages such as the OWASP CSRFGuard.
Phase: Implementation
Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.
Phase: Architecture and Design
Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).
Note that this can be bypassed using XSS.
Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.
Note that this can be bypassed using XSS.
Use the ESAPI Session Management control.
This control includes a component for CSRF.
Do not use the GET method for any request that triggers a state change.
Phase: Implementation
Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.
|
| Reference |
https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html
https://cwe.mitre.org/data/definitions/352.html |
| CWE Id | 352 |
| WASC Id | 9 |
| Plugin Id | 10202 |
|
Medium |
CSP: Wildcard Directive |
|---|---|
| Description |
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
|
| URL | https://public-firing-range.appspot.com/clickjacking/clickjacking_csp_no_frame_ancestors |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none'; script-src 'strict-dynamic' 'nonce-{random}' 'unsafe-inline' 'unsafe-eval' https: http:; base-uri 'none'; https://www.google.com; report-uri https://csp.withgoogle.com/csp/inquisition/inquisitor |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: style-src, img-src, connect-src, frame-src, frame-ancestors, font-src, media-src, manifest-src, worker-src, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| Instances | 1 |
| Solution |
Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
|
| Reference |
https://www.w3.org/TR/CSP/
https://caniuse.com/#search=content+security+policy https://content-security-policy.com/ https://github.com/HtmlUnit/htmlunit-csp https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources |
| CWE Id | 693 |
| WASC Id | 15 |
| Plugin Id | 10055 |
|
Medium |
CSP: script-src unsafe-eval |
|---|---|
| Description |
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
|
| URL | https://public-firing-range.appspot.com/clickjacking/clickjacking_csp_no_frame_ancestors |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none'; script-src 'strict-dynamic' 'nonce-{random}' 'unsafe-inline' 'unsafe-eval' https: http:; base-uri 'none'; https://www.google.com; report-uri https://csp.withgoogle.com/csp/inquisition/inquisitor |
| Other Info | script-src includes unsafe-eval. |
| Instances | 1 |
| Solution |
Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
|
| Reference |
https://www.w3.org/TR/CSP/
https://caniuse.com/#search=content+security+policy https://content-security-policy.com/ https://github.com/HtmlUnit/htmlunit-csp https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources |
| CWE Id | 693 |
| WASC Id | 15 |
| Plugin Id | 10055 |
|
Medium |
CSP: style-src unsafe-inline |
|---|---|
| Description |
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
|
| URL | https://public-firing-range.appspot.com/clickjacking/clickjacking_csp_no_frame_ancestors |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none'; script-src 'strict-dynamic' 'nonce-{random}' 'unsafe-inline' 'unsafe-eval' https: http:; base-uri 'none'; https://www.google.com; report-uri https://csp.withgoogle.com/csp/inquisition/inquisitor |
| Other Info | style-src includes unsafe-inline. |
| Instances | 1 |
| Solution |
Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
|
| Reference |
https://www.w3.org/TR/CSP/
https://caniuse.com/#search=content+security+policy https://content-security-policy.com/ https://github.com/HtmlUnit/htmlunit-csp https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources |
| CWE Id | 693 |
| WASC Id | 15 |
| Plugin Id | 10055 |
|
Medium |
Missing Anti-clickjacking Header |
|---|---|
| Description |
The response does not include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options to protect against 'ClickJacking' attacks.
|
| URL | http://localhost:8090/bodgeit/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/about.jsp |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/admin.jsp |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/advanced.jsp |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/contact.jsp |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/home.jsp |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=10 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=11 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=12 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=13 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=14 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=15 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=16 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=17 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=18 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=19 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=2 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=20 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=21 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=22 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=23 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=24 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=25 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=26 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=27 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=28 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=29 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=3 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=30 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=31 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=32 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=4 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=5 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=6 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=7 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=8 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=9 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=2 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=3 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=4 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=5 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=6 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=7 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/register.jsp |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/score.jsp |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/search.jsp |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/search.jsp?q=ZAP |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/access.php?%20email=ZAP&%20pass=seqerer%20&uid=mngr564973%20 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/index.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/header.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/index.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/register.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/cardnumber.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/check_credit_balance.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=334721 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=574612 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=646509 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/index.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/process_purchasetoy.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/purchasetoy.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/Security/SEC_V1/index.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/selenium/facebook.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-1.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-2.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-3.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-4.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-5.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-6.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/telecom/access.php?uid=063675 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/telecom/access.php?uid=069466 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/telecom/access.php?uid=936997 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/telecom/addcustomer.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/telecom/addtariffplans.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/telecom/assigntariffplantocustomer.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/telecom/billing.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/telecom/index.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/ajax.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/ajax.html?name=ZAP |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/autoit.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/birthdate.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/block.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/cookie/selenium_aut.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/delete_customer.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/drag_drop.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/facebook.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/flash-testing.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/guru99home/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/guru99home/ads.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/guru99home/scrolling.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/image_upload/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/link.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/login.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/index.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/login.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/register.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/reservation.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/reservation2.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/support.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/radio.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/table.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/tooltip.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/upload/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/yahoo.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/V1/index.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address/baseURI/documentwrite |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address/documentURI/documentwrite |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address/index.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address/location.hash/assign |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address/location.hash/documentwrite |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address/location.hash/documentwriteln |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address/location.hash/eval |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address/location.hash/formaction |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address/location.hash/function |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address/location.hash/inlineevent |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address/location.hash/innerHtml |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address/location.hash/jshref |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address/location.hash/onclickAddEventListener |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address/location.hash/onclickSetAttribute |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address/location.hash/rangeCreateContextualFragment |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address/location.hash/replace |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address/location.hash/setTimeout |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address/location/assign |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address/location/documentwrite |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address/location/documentwriteln |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address/location/eval |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address/location/innerHtml |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address/location/rangeCreateContextualFragment |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address/location/replace |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address/location/setTimeout |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address/locationhref/documentwrite |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address/locationpathname/documentwrite |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address/locationsearch/documentwrite |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address/URL/documentwrite |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address/URLUnencoded/documentwrite |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body/1.1.5?q=test |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body/1.2.0?q=test |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body/1.2.18?q=test |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body/1.2.19?q=test |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body/1.2.24?q=test |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body/1.4.0?q=test |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body/1.6.0?q=test |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body_alt_symbols/1.4.0?q=test |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body_alt_symbols_raw/1.6.0?q=test |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body_attribute_ng/1.4.0?q=test |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body_attribute_non_ng/1.4.0?q=test |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body_attribute_non_ng_raw/1.4.0?q=test |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body_raw/1.4.0?q=test |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body_raw_escaped/1.4.0?q=test |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body_raw_escaped_alt_symbols/1.4.0?q=test |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body_raw_post/1.6.0 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_cookie_parse/1.6.0 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_form_parse/1.6.0 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_post_message_parse/1.6.0 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_storage_parse/1.6.0 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/index.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/badscriptimport |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/badscriptimport/index.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/clickjacking |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/clickjacking/clickjacking_csp_no_frame_ancestors |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/clickjacking/clickjacking_xfo_allowall |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/clickjacking/index.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/cors |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/cors/alloworigin/allowInsecureScheme |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/cors/alloworigin/allowNullOrigin |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/cors/alloworigin/allowOriginEndsWith |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/cors/alloworigin/allowOriginProtocolDowngrade |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/cors/alloworigin/allowOriginRegexDot |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/cors/alloworigin/allowOriginStartsWith |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/cors/alloworigin/dynamicAllowOrigin |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/cors/index.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/dompropagation |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/dompropagation/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/eventtriggering/document/formSubmission/documentWrite |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/eventtriggering/document/formSubmission/eval |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/eventtriggering/document/formSubmission/innerHtml |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/eventtriggering/document/inputTyping/documentWrite |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/eventtriggering/document/inputTyping/eval |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/eventtriggering/document/inputTyping/innerHtml |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/index.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/javascripturi.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/document/cookie |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/document/cookie/eval |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set/documentWrite |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set/eval |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set/innerHtml |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/document/referrer |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/document/referrer/documentWrite |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/document/referrer/eval |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/document/referrer/innerHtml |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/array/eval |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/function/documentWrite |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/function/eval |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/function/innerHtml |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/property/documentWrite |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/array/eval |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/function/documentWrite |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/function/eval |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/function/innerHtml |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/property/documentWrite |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/localStorage/array |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/localStorage/array/eval |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function/documentWrite |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function/eval |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function/innerHtml |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/localStorage/property |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/localStorage/property/documentWrite |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/postMessage/complexMessageDocumentWriteEval |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/postMessage/documentWrite |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/postMessage/eval |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/postMessage/improperOriginValidationWithPartialStringComparison |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/postMessage/improperOriginValidationWithRegExp |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/postMessage/innerHtml |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/array |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/array/eval |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function/documentWrite |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function/eval |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function/innerHtml |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/property |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/property/documentWrite |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/window/name |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/window/name/documentWrite |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/window/name/eval |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/window/name/innerHtml |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/index.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/js/encodeURIComponent?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/js/escape?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/js/html_escape?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_name?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_quoted?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_script?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_singlequoted?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_unquoted?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/body?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/body_comment?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/css_import?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/css_style?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/css_style_font_value?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/css_style_value?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/head?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_assignment?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_comment?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_eval?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_quoted_string?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_singlequoted_string?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_slashquoted_string?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/tagname?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/textarea?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_name?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_quoted?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_script?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_singlequoted?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_unquoted?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/body?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/body_comment?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/css_import?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/css_style?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/css_style_font_value?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/css_style_value?escape=HTML_ESCAPE&q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/head?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_assignment?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_comment?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_eval?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_quoted_string?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_singlequoted_string?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_slashquoted_string?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/tagname?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/textarea?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/flashinjection |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/flashinjection/index.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/insecurethirdpartyscripts |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/insecurethirdpartyscripts/index.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/insecurethirdpartyscripts/third_party_scripts_without_subresource_integrity.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/insecurethirdpartyscripts/third_party_scripts_without_subresource_integrity_dynamically_added.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/leakedcookie |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/leakedcookie/index.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/leakedcookie/leakedcookie |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/leakedcookie/leakedinresource |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/mixedcontent |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/mixedcontent/index.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/redirect |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/redirect/index.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/redirect/meta?q=/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_quoted/DOUBLE_QUOTED_ATTRIBUTE?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_singlequoted/SINGLE_QUOTED_ATTRIBUTE?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_unquoted/UNQUOTED_ATTRIBUTE?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/filteredcharsets/attribute_unquoted/DoubleQuoteSinglequote?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/filteredcharsets/body/SpaceDoubleQuoteSlashEquals?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/filteredstrings/body/caseInsensitive/script?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/filteredstrings/body/caseSensitive/script?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/index.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter/attribute_name?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter/attribute_quoted?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter/attribute_script?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter/attribute_singlequoted?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter/attribute_unquoted?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter/body |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter/body?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter/body_comment?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter/css_style?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter/css_style_font_value?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter/css_style_value?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter/form |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter/head?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter/iframe_attribute_value?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter/iframe_srcdoc?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter/js_assignment?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter/js_comment?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter/js_eval?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter/js_quoted_string?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter/js_singlequoted_string?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter/js_slashquoted_string?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter/json?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter/noscript?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter/style_attribute_value?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter/tagname?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter/textarea?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter/textarea_attribute_value?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter/title?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/url/css_import?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/url/href?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/url/object_data?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/url/object_param?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/url/script_src?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/remoteinclude |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/remoteinclude/index.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/remoteinclude/object_hash.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/remoteinclude/parameter/object/application_x-shockwave-flash?q=https://google.com |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/remoteinclude/parameter/object_raw?q=https://google.com |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://127.0.0.2/localhost_import.js |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://192.168.1.2/private_network_import.js |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://g00gle.com/typosquatting_domain.js |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=https://google.com |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/remoteinclude/script_hash.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reverseclickjacking |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithoutXFO |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithoutXFO/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithoutXFO |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithoutXFO/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback/WithoutXFO |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback/WithoutXFO/?q=foo |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter/WithoutXFO |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter/WithoutXFO/?q=%26callback%3Dfoo%23 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/InCallback |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/InCallback/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/OtherParameter |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/OtherParameter/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/InCallback |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/InCallback/?q=urc_button.click |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/OtherParameter |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/OtherParameter/?q=%26callback%3Durc_button.click%23 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/stricttransportsecurity |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/stricttransportsecurity/hsts_includesubdomains_missing |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/stricttransportsecurity/hsts_max_age_missing |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/stricttransportsecurity/hsts_max_age_too_low |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/stricttransportsecurity/hsts_missing |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/stricttransportsecurity/hsts_preload_missing |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/stricttransportsecurity/index.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/tags |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/tags/index.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/tags/multiline?q=a |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/urldom |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/urldom/index.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/a.href |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/base.href |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/document.location |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/embed.src |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/fetch |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/form.action |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/iframe.src |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/input.formaction |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/link.href |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/object.data |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/param.code.value |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/param.movie.value |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/param.src.value |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/param.url.value |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/script.href |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/script.src |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/script.src.partial_domain |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/script.src.partial_path |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/script.src.partial_query |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/window.open |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/xhr.open |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/urldom/location/search/area.href?//example.org |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/urldom/location/search/button.formaction?//example.org |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/urldom/location/search/frame.src?//example.org |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/urldom/location/search/location.assign?//example.org |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/urldom/location/search/svg.a?//example.org |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/vulnerablelibraries |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/vulnerablelibraries/index.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/vulnerablelibraries/jquery.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/contact.jsp |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://localhost:8090/bodgeit/register.jsp |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/index.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/header.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/new_quotation.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/retrieve_quotation.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/check_credit_balance.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/process_purchasetoy.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/Security/SEC_V1/index.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/telecom/addtariffplans.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/telecom/assigntariffplantocustomer.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/telecom/billing.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/birthdate.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/cookie/selenium_cookie.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/delete_customer.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/flash-testing.html |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/image_upload/ajaximage.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/index.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/login.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/register.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/reservation2.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/test/success.html |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://demo.guru99.com/V1/index.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body_raw_post/1.6.0 |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter/form |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| Instances | 438 |
| Solution |
Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.
If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.
|
| Reference | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options |
| CWE Id | 1021 |
| WASC Id | 15 |
| Plugin Id | 10020 |
|
Medium |
Secure Pages Include Mixed Content (Including Scripts) |
|---|---|
| Description |
The page includes mixed content, that is content accessed via HTTP instead of HTTPS.
|
| URL | https://demo.guru99.com/seo/page-1.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://demo.guru99.com/adsfooter.js |
| Other Info | tag=script src=http://demo.guru99.com/adsfooter.js |
| URL | https://demo.guru99.com/seo/page-2.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://demo.guru99.com/adsfooter.js |
| Other Info | tag=script src=http://demo.guru99.com/adsfooter.js |
| URL | https://demo.guru99.com/seo/page-3.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://demo.guru99.com/adsfooter.js |
| Other Info | tag=script src=http://demo.guru99.com/adsfooter.js |
| URL | https://demo.guru99.com/seo/page-4.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://demo.guru99.com/adsfooter.js |
| Other Info | tag=script src=http://demo.guru99.com/adsfooter.js |
| URL | https://demo.guru99.com/seo/page-5.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://demo.guru99.com/adsfooter.js |
| Other Info | tag=script src=http://demo.guru99.com/adsfooter.js |
| URL | https://demo.guru99.com/seo/page-6.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://demo.guru99.com/adsfooter.js |
| Other Info | tag=script src=http://demo.guru99.com/adsfooter.js |
| URL | https://demo.guru99.com/telecom/index.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://demo.guru99.com/adsfooter.js |
| Other Info | tag=script src=http://demo.guru99.com/adsfooter.js |
| URL | https://demo.guru99.com/test/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://demo.guru99.com/adsfooter.js |
| Other Info | tag=script src=http://demo.guru99.com/adsfooter.js |
| URL | https://demo.guru99.com/test/ajax.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://demo.guru99.com/adsfooter.js |
| Other Info | tag=script src=http://demo.guru99.com/adsfooter.js |
| URL | https://demo.guru99.com/test/ajax.html?name=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://demo.guru99.com/adsfooter.js |
| Other Info | tag=script src=http://demo.guru99.com/adsfooter.js |
| URL | https://demo.guru99.com/test/autoit.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://demo.guru99.com/adsfooter.js |
| Other Info | tag=script src=http://demo.guru99.com/adsfooter.js |
| URL | https://demo.guru99.com/test/block.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://demo.guru99.com/adsfooter.js |
| Other Info | tag=script src=http://demo.guru99.com/adsfooter.js |
| URL | https://demo.guru99.com/test/drag_drop.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://demo.guru99.com/adsfooter.js |
| Other Info | tag=script src=http://demo.guru99.com/adsfooter.js |
| URL | https://demo.guru99.com/test/facebook.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://demo.guru99.com/adsfooter.js |
| Other Info | tag=script src=http://demo.guru99.com/adsfooter.js |
| URL | https://demo.guru99.com/test/flash-testing.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://active.macromedia.com/flash2/cabs/swflash.cab#version=4,0,0,0 |
| Other Info | tag=object codebase=http://active.macromedia.com/flash2/cabs/swflash.cab#version=4,0,0,0 tag=script src=http://demo.guru99.com/adsfooter.js |
| URL | https://demo.guru99.com/test/guru99home/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://demo.guru99.com/adsfooter.js |
| Other Info | tag=script src=http://demo.guru99.com/adsfooter.js |
| URL | https://demo.guru99.com/test/guru99home/scrolling.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://demo.guru99.com/adsfooter.js |
| Other Info | tag=script src=http://demo.guru99.com/adsfooter.js |
| URL | https://demo.guru99.com/test/link.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://demo.guru99.com/adsfooter.js |
| Other Info | tag=script src=http://demo.guru99.com/adsfooter.js |
| URL | https://demo.guru99.com/test/login.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://demo.guru99.com/adsfooter.js |
| Other Info | tag=script src=http://demo.guru99.com/adsfooter.js |
| URL | https://demo.guru99.com/test/radio.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://demo.guru99.com/adsfooter.js |
| Other Info | tag=script src=http://demo.guru99.com/adsfooter.js |
| URL | https://demo.guru99.com/test/table.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://demo.guru99.com/adsfooter.js |
| Other Info | tag=script src=http://demo.guru99.com/adsfooter.js |
| URL | https://demo.guru99.com/test/tooltip.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://demo.guru99.com/adsfooter.js |
| Other Info | tag=script src=http://demo.guru99.com/adsfooter.js |
| URL | https://demo.guru99.com/test/upload/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://demo.guru99.com/adsfooter.js |
| Other Info | tag=script src=http://demo.guru99.com/adsfooter.js |
| URL | https://demo.guru99.com/test/yahoo.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://demo.guru99.com/test/js/bootstrap.min.js |
| Other Info | tag=script src=http://demo.guru99.com/test/js/bootstrap.min.js tag=script src=http://demo.guru99.com/test/js/treemenu.js tag=script src=http://demo.guru99.com/test/js/slider-cars.js tag=script src=http://demo.guru99.com/test/js/home-bar.js tag=script src=http://demo.guru99.com/test/js/jquery.js tag=script src=http://demo.guru99.com/adsfooter.js |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_script?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://irrelevant.google.com?a |
| Other Info | tag=script src=http://irrelevant.google.com?a |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_script?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://irrelevant.google.com?a |
| Other Info | tag=script src=http://irrelevant.google.com?a |
| URL | https://public-firing-range.appspot.com/mixedcontent |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://public-firing-range.appspot.com/mixedcontent/script.js |
| Other Info | tag=script src=http://public-firing-range.appspot.com/mixedcontent/script.js |
| URL | https://public-firing-range.appspot.com/mixedcontent/index.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://public-firing-range.appspot.com/mixedcontent/script.js |
| Other Info | tag=script src=http://public-firing-range.appspot.com/mixedcontent/script.js |
| URL | https://public-firing-range.appspot.com/reflected/parameter/attribute_script?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://irrelevant.google.com/a |
| Other Info | tag=script src=http://irrelevant.google.com/a |
| URL | https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://127.0.0.2/localhost_import.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://127.0.0.2/localhost_import.js |
| Other Info | tag=script src=http://127.0.0.2/localhost_import.js |
| URL | https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://192.168.1.2/private_network_import.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://192.168.1.2/private_network_import.js |
| Other Info | tag=script src=http://192.168.1.2/private_network_import.js |
| URL | https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://g00gle.com/typosquatting_domain.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | http://g00gle.com/typosquatting_domain.js |
| Other Info | tag=script src=http://g00gle.com/typosquatting_domain.js |
| URL | https://demo.guru99.com/test/flash-testing.html |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | http://active.macromedia.com/flash2/cabs/swflash.cab#version=4,0,0,0 |
| Other Info | tag=object codebase=http://active.macromedia.com/flash2/cabs/swflash.cab#version=4,0,0,0 tag=script src=http://demo.guru99.com/adsfooter.js |
| URL | https://demo.guru99.com/test/success.html |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | http://mymail.guru99.com/logo-guru99.png |
| Other Info | tag=img src=http://mymail.guru99.com/logo-guru99.png tag=script src=http://demo.guru99.com/adsfooter.js |
| Instances | 34 |
| Solution |
A page that is available over SSL/TLS must be comprised completely of content which is transmitted over SSL/TLS.
The page must not contain any content that is transmitted over unencrypted HTTP.
This includes content from third party sites.
|
| Reference | https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html |
| CWE Id | 311 |
| WASC Id | 4 |
| Plugin Id | 10040 |
|
Medium |
Vulnerable JS Library |
|---|---|
| Description |
The identified library bootstrap, version 3.3.7 is vulnerable.
|
| URL | https://demo.guru99.com/Agile_Project/js/bootstrap.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | * Bootstrap v3.3.7 |
| Other Info | CVE-2018-14041 CVE-2019-8331 CVE-2018-20677 CVE-2018-20676 CVE-2018-14042 CVE-2016-10735 |
| URL | https://demo.guru99.com/Agile_Project/js/jquery.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | /*! jQuery v1.11.1 |
| Other Info | CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358 |
| URL | https://demo.guru99.com/insurance/v1/javascript/bootstrap.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | * Bootstrap v3.3.7 |
| Other Info | CVE-2018-14041 CVE-2019-8331 CVE-2018-20677 CVE-2018-20676 CVE-2018-14042 CVE-2016-10735 |
| URL | https://demo.guru99.com/insurance/v1/javascript/jquery-1.10.2.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | jquery-1.10.2.js |
| Other Info | CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358 |
| URL | https://demo.guru99.com/insurance/v1/javascript/jquery-ui.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | /*! jQuery UI - v1.10.2 |
| Other Info | CVE-2021-41184 CVE-2021-41183 CVE-2021-41182 CVE-2022-31160 |
| URL | https://demo.guru99.com/insurance/v1/javascript/jquery.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | /*! jQuery v1.11.1 |
| Other Info | CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358 |
| URL | https://demo.guru99.com/payment-gateway/assets/js/bootstrap.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | * Bootstrap v3.3.7 |
| Other Info | CVE-2018-14041 CVE-2019-8331 CVE-2018-20677 CVE-2018-20676 CVE-2018-14042 CVE-2016-10735 |
| URL | https://demo.guru99.com/payment-gateway/assets/js/jquery.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | /*! jQuery v1.11.1 |
| Other Info | CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358 |
| URL | https://demo.guru99.com/payment-gateway/assets/js/jquery.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | /*! jQuery v1.11.3 |
| Other Info | CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358 |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/bootstrap.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | * Bootstrap v3.3.7 |
| Other Info | CVE-2018-14041 CVE-2019-8331 CVE-2018-20677 CVE-2018-20676 CVE-2018-14042 CVE-2016-10735 |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/jquery.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | /*! jQuery v1.11.1 |
| Other Info | CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358 |
| URL | https://demo.guru99.com/seo/js/jquery.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | /*! jQuery v1.12.4 |
| Other Info | CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358 |
| URL | https://demo.guru99.com/telecom/assets/js/bootstrap.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | * Bootstrap v3.3.7 |
| Other Info | CVE-2018-14041 CVE-2019-8331 CVE-2018-20677 CVE-2018-20676 CVE-2018-14042 CVE-2016-10735 |
| URL | https://demo.guru99.com/telecom/assets/js/jquery.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | /*! jQuery v1.11.1 |
| Other Info | CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358 |
| URL | https://demo.guru99.com/telecom/assets/js/jquery.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | /*! jQuery v1.11.3 |
| Other Info | CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358 |
| URL | https://demo.guru99.com/test/accountingjs/jquery-ui.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | /*! jQuery UI - v1.10.2 |
| Other Info | CVE-2021-41184 CVE-2021-41183 CVE-2021-41182 CVE-2022-31160 |
| URL | https://demo.guru99.com/test/guru99home/js/jquery.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | /*! jQuery v1.12.4 |
| Other Info | CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358 |
| URL | https://demo.guru99.com/test/image_upload/scripts/jquery.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | * jQuery JavaScript Library v1.6 |
| Other Info | CVE-2011-4969 CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358 CVE-2020-7656 CVE-2012-6708 |
| URL | https://demo.guru99.com/test/js/bootstrap.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | * Bootstrap v3.3.7 |
| Other Info | CVE-2018-14041 CVE-2019-8331 CVE-2018-20677 CVE-2018-20676 CVE-2018-14042 CVE-2016-10735 |
| URL | https://demo.guru99.com/test/js/jquery.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | /*! jQuery v1.11.1 |
| Other Info | CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358 |
| URL | https://demo.guru99.com/test/js/jquery.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | /*! jQuery v1.12.4 |
| Other Info | CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358 |
| URL | https://demo.guru99.com/test/js/jquery.tools.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | ,jquery:"1.6.4" |
| Other Info | CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358 CVE-2020-7656 CVE-2012-6708 |
| URL | https://demo.guru99.com/V1/JavaScript/bootstrap.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | * Bootstrap v3.3.7 |
| Other Info | CVE-2018-14041 CVE-2019-8331 CVE-2018-20677 CVE-2018-20676 CVE-2018-14042 CVE-2016-10735 |
| URL | https://demo.guru99.com/V1/JavaScript/jquery.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | /*! jQuery v1.11.1 |
| Other Info | CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358 |
| URL | https://demo.guru99.com/V4/JavaScript/bootstrap.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | * Bootstrap v3.3.7 |
| Other Info | CVE-2018-14041 CVE-2019-8331 CVE-2018-20677 CVE-2018-20676 CVE-2018-14042 CVE-2016-10735 |
| URL | https://demo.guru99.com/V4/JavaScript/jquery.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | /*! jQuery v1.11.1 |
| Other Info | CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358 |
| Instances | 26 |
| Solution |
Please upgrade to the latest version of bootstrap.
|
| Reference |
https://github.com/twbs/bootstrap/issues/28236
https://github.com/advisories/GHSA-pj7m-g53m-7638 https://github.com/twbs/bootstrap/issues/20184 https://github.com/advisories/GHSA-ph58-4vrj-w6hr https://github.com/twbs/bootstrap/issues/20631 https://github.com/advisories/GHSA-4p24-vmcr-4gqj https://github.com/advisories/GHSA-9v3m-8fp8-mj99 https://nvd.nist.gov/vuln/detail/CVE-2018-20676 |
| CWE Id | 829 |
| WASC Id | |
| Plugin Id | 10003 |
|
Low |
Application Error Disclosure |
|---|---|
| Description |
This page contains an error/warning message that may disclose sensitive information like the location of the file that produced the unhandled exception. This information can be used to launch further attacks against the web application. The alert could be a false positive if the error message is found inside a documentation page.
|
| URL | https://public-firing-range.appspot.com/dom/eventtriggering |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/toxicdomscripts |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/contentsniffing |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/escapedparameter |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_quoted |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_singlequoted |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_unquoted |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/filteredcharsets |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/filteredcharsets/attribute_unquoted |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/filteredcharsets/body |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/filteredstrings |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/filteredstrings/body |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/filteredstrings/body/caseInsensitive |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/filteredstrings/body/caseSensitive |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter/body/500?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/url |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/url/a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/singlepage |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| URL | http://localhost:8090/bodgeit/advanced.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 500 Internal Server Error |
| Other Info | |
| Instances | 32 |
| Solution |
Review the source code of this page. Implement custom error pages. Consider implementing a mechanism to provide a unique error reference/identifier to the client (browser) while logging the details on the server side and not exposing them to the user.
|
| Reference | |
| CWE Id | 200 |
| WASC Id | 13 |
| Plugin Id | 90022 |
|
Low |
Big Redirect Detected (Potential Sensitive Information Leak) |
|---|---|
| Description |
The server has responded with a redirect that seems to provide a large response. This may indicate that although the server sent a redirect it also responded with body content (which may include sensitive details, PII, etc.).
|
| URL | https://demo.guru99.com/index.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | Location header URI length: 52 [access.php?uid=mngr564973 & pass=seqerer & email=ZAP]. Predicted response size: 352. Response Body Length: 13,205. |
| URL | https://demo.guru99.com/insurance/v1/index.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | Location header URI length: 10 [header.php]. Predicted response size: 310. Response Body Length: 12,252. |
| URL | https://demo.guru99.com/insurance/v1/register.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | Location header URI length: 9 [index.php]. Predicted response size: 309. Response Body Length: 23,348. |
| URL | https://demo.guru99.com/payment-gateway/process_card.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | Location header URI length: 31 [genearte_orderid.php?uid=128685]. Predicted response size: 331. Response Body Length: 12,884. |
| URL | https://demo.guru99.com/payment-gateway/process_card.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | Location header URI length: 31 [genearte_orderid.php?uid=334721]. Predicted response size: 331. Response Body Length: 12,884. |
| URL | https://demo.guru99.com/payment-gateway/process_card.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | Location header URI length: 31 [genearte_orderid.php?uid=574612]. Predicted response size: 331. Response Body Length: 12,884. |
| URL | https://demo.guru99.com/payment-gateway/process_card.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | Location header URI length: 31 [genearte_orderid.php?uid=600497]. Predicted response size: 331. Response Body Length: 12,884. |
| URL | https://demo.guru99.com/payment-gateway/process_card.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | Location header URI length: 31 [genearte_orderid.php?uid=646509]. Predicted response size: 331. Response Body Length: 12,884. |
| URL | https://demo.guru99.com/payment-gateway/process_card.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | Location header URI length: 31 [genearte_orderid.php?uid=677239]. Predicted response size: 331. Response Body Length: 12,884. |
| Instances | 9 |
| Solution |
Ensure that no sensitive information is leaked via redirect responses. Redirect responses should have almost no content.
|
| Reference | |
| CWE Id | 201 |
| WASC Id | 13 |
| Plugin Id | 10044 |
|
Low |
CSP: Notices |
|---|---|
| Description |
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
|
| URL | https://public-firing-range.appspot.com/clickjacking/clickjacking_csp_no_frame_ancestors |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | object-src 'none'; script-src 'strict-dynamic' 'nonce-{random}' 'unsafe-inline' 'unsafe-eval' https: http:; base-uri 'none'; https://www.google.com; report-uri https://csp.withgoogle.com/csp/inquisition/inquisitor |
| Other Info | Errors: Directive name https://www.google.com contains characters outside the range ALPHA / DIGIT / "-" Warnings: The report-uri directive has been deprecated in favor of the new report-to directive |
| Instances | 1 |
| Solution |
Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
|
| Reference |
https://www.w3.org/TR/CSP/
https://caniuse.com/#search=content+security+policy https://content-security-policy.com/ https://github.com/HtmlUnit/htmlunit-csp https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources |
| CWE Id | 693 |
| WASC Id | 15 |
| Plugin Id | 10055 |
|
Low |
Cookie No HttpOnly Flag |
|---|---|
| Description |
A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.
|
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | GET |
| Parameter | b_id |
| Attack | |
| Evidence | Set-Cookie: b_id |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/ |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | Set-Cookie: PHPSESSID |
| Other Info | |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | b_id |
| Attack | |
| Evidence | Set-Cookie: b_id |
| Other Info | |
| Instances | 3 |
| Solution |
Ensure that the HttpOnly flag is set for all cookies.
|
| Reference | https://owasp.org/www-community/HttpOnly |
| CWE Id | 1004 |
| WASC Id | 13 |
| Plugin Id | 10010 |
|
Low |
Cookie Without Secure Flag |
|---|---|
| Description |
A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.
|
| URL | https://demo.guru99.com/test/newtours/ |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | Set-Cookie: PHPSESSID |
| Other Info | |
| URL | https://public-firing-range.appspot.com/leakedcookie/leakedcookie |
| Method | GET |
| Parameter | my_secret_cookie |
| Attack | |
| Evidence | Set-Cookie: my_secret_cookie |
| Other Info | |
| URL | https://public-firing-range.appspot.com/leakedcookie/leakedinresource |
| Method | GET |
| Parameter | my_secret_cookie |
| Attack | |
| Evidence | Set-Cookie: my_secret_cookie |
| Other Info | |
| Instances | 3 |
| Solution |
Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. Ensure that the secure flag is set for cookies containing such sensitive information.
|
| Reference | https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html |
| CWE Id | 614 |
| WASC Id | 13 |
| Plugin Id | 10011 |
|
Low |
Cookie without SameSite Attribute |
|---|---|
| Description |
A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.
|
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | GET |
| Parameter | b_id |
| Attack | |
| Evidence | Set-Cookie: b_id |
| Other Info | |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | Set-Cookie: JSESSIONID |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=1 |
| Method | GET |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | Set-Cookie: JSESSIONID |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=2 |
| Method | GET |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | Set-Cookie: JSESSIONID |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/ |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | Set-Cookie: PHPSESSID |
| Other Info | |
| URL | https://public-firing-range.appspot.com/leakedcookie/leakedcookie |
| Method | GET |
| Parameter | my_secret_cookie |
| Attack | |
| Evidence | Set-Cookie: my_secret_cookie |
| Other Info | |
| URL | https://public-firing-range.appspot.com/leakedcookie/leakedinresource |
| Method | GET |
| Parameter | my_secret_cookie |
| Attack | |
| Evidence | Set-Cookie: my_secret_cookie |
| Other Info | |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | b_id |
| Attack | |
| Evidence | Set-Cookie: b_id |
| Other Info | |
| Instances | 8 |
| Solution |
Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.
|
| Reference | https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site |
| CWE Id | 1275 |
| WASC Id | 13 |
| Plugin Id | 10054 |
|
Low |
Cross-Domain JavaScript Source File Inclusion |
|---|---|
| Description |
The page includes one or more script files from a third-party domain.
|
| URL | https://demo.guru99.com/ |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/ |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/ |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/ |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/access.php?%20email=ZAP&%20pass=seqerer%20&uid=mngr564973%20 |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/access.php?%20email=ZAP&%20pass=seqerer%20&uid=mngr564973%20 |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/access.php?%20email=ZAP&%20pass=seqerer%20&uid=mngr564973%20 |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/access.php?%20email=ZAP&%20pass=seqerer%20&uid=mngr564973%20 |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/ |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/ |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/ |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/ |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/index.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/index.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/index.php |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/index.php |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/header.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/header.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/header.php |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/header.php |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/index.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/index.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/index.php |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/index.php |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/register.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/register.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/register.php |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/register.php |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/cardnumber.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/cardnumber.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/cardnumber.php |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/cardnumber.php |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/check_credit_balance.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/check_credit_balance.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/check_credit_balance.php |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/check_credit_balance.php |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=334721 |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=334721 |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=334721 |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=334721 |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=574612 |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=574612 |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=574612 |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=574612 |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=646509 |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=646509 |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=646509 |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=646509 |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/index.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/index.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/index.php |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/index.php |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/process_purchasetoy.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/process_purchasetoy.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/process_purchasetoy.php |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/process_purchasetoy.php |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/purchasetoy.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/purchasetoy.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/purchasetoy.php |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/purchasetoy.php |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/Security/SEC_V1/index.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/Security/SEC_V1/index.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/Security/SEC_V1/index.php |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/Security/SEC_V1/index.php |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/selenium/facebook.html |
| Method | GET |
| Parameter | https://web.archive.org/web/20130925210322js_/https://static.xx.fbcdn.net/rsrc.php/v2/yH/r/DGxMdM_Gueq.js |
| Attack | |
| Evidence | <script src="https://web.archive.org/web/20130925210322js_/https://static.xx.fbcdn.net/rsrc.php/v2/yH/r/DGxMdM_Gueq.js" crossorigin="anonymous"></script> |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-1.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-1.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-1.html |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-1.html |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-2.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-2.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-2.html |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-2.html |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-3.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-3.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-3.html |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-3.html |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-4.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-4.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-4.html |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-4.html |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-5.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-5.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-5.html |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-5.html |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-6.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-6.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-6.html |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-6.html |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/access.php?uid=063675 |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/access.php?uid=063675 |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/access.php?uid=063675 |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/access.php?uid=063675 |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/access.php?uid=069466 |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/access.php?uid=069466 |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/access.php?uid=069466 |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/access.php?uid=069466 |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/access.php?uid=936997 |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/access.php?uid=936997 |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/access.php?uid=936997 |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/access.php?uid=936997 |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/addcustomer.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/addcustomer.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/addcustomer.php |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/addcustomer.php |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/addtariffplans.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/addtariffplans.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/addtariffplans.php |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/addtariffplans.php |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/assigntariffplantocustomer.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/assigntariffplantocustomer.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/assigntariffplantocustomer.php |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/assigntariffplantocustomer.php |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/billing.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/billing.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/billing.php |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/billing.php |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/index.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/index.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/index.html |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/index.html |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/ |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/ |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/ |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/ |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/ajax.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/ajax.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/ajax.html |
| Method | GET |
| Parameter | https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js |
| Attack | |
| Evidence | <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/ajax.html |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/ajax.html |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/ajax.html?name=ZAP |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/ajax.html?name=ZAP |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/ajax.html?name=ZAP |
| Method | GET |
| Parameter | https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js |
| Attack | |
| Evidence | <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/ajax.html?name=ZAP |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/ajax.html?name=ZAP |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/autoit.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/autoit.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/autoit.html |
| Method | GET |
| Parameter | //pagead2.googlesyndication.com/pagead/js/adsbygoogle.js |
| Attack | |
| Evidence | <script async src=//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/autoit.html |
| Method | GET |
| Parameter | https://cdn.jotfor.ms/js/vendor/imageinfo.js?v=3.3.11170 |
| Attack | |
| Evidence | <script src="https://cdn.jotfor.ms/js/vendor/imageinfo.js?v=3.3.11170" type="text/javascript"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/autoit.html |
| Method | GET |
| Parameter | https://cdn.jotfor.ms/static/jotform.forms.js?3.3.11170 |
| Attack | |
| Evidence | <script src="https://cdn.jotfor.ms/static/jotform.forms.js?3.3.11170" type="text/javascript"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/autoit.html |
| Method | GET |
| Parameter | https://cdn.jotfor.ms/static/prototype.forms.js |
| Attack | |
| Evidence | <script src="https://cdn.jotfor.ms/static/prototype.forms.js" type="text/javascript"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/autoit.html |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/autoit.html |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/birthdate.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/birthdate.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/birthdate.php |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/birthdate.php |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/block.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/block.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/block.html |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/block.html |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/cookie/selenium_aut.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/cookie/selenium_aut.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/cookie/selenium_aut.php |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/cookie/selenium_aut.php |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/delete_customer.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/delete_customer.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/delete_customer.php |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/delete_customer.php |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/drag_drop.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/drag_drop.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/drag_drop.html |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/drag_drop.html |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/facebook.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/facebook.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/facebook.html |
| Method | GET |
| Parameter | https://web.archive.org/web/20130925210322js_/https://static.xx.fbcdn.net/rsrc.php/v2/yH/r/DGxMdM_Gueq.js |
| Attack | |
| Evidence | <script src="https://web.archive.org/web/20130925210322js_/https://static.xx.fbcdn.net/rsrc.php/v2/yH/r/DGxMdM_Gueq.js" crossorigin="anonymous"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/facebook.html |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/facebook.html |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/flash-testing.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/flash-testing.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/flash-testing.html |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/flash-testing.html |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/guru99home/ |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/guru99home/ |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/guru99home/ |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/guru99home/ |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/guru99home/scrolling.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/guru99home/scrolling.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/guru99home/scrolling.html |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/guru99home/scrolling.html |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/image_upload/ |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/image_upload/ |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/image_upload/ |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/image_upload/ |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/link.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/link.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/link.html |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/link.html |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/login.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/login.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/login.html |
| Method | GET |
| Parameter | https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js |
| Attack | |
| Evidence | <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/login.html |
| Method | GET |
| Parameter | https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js |
| Attack | |
| Evidence | <script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/login.html |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/login.html |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/ |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/ |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/ |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/ |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/index.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/index.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/index.php |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/index.php |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/login.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/login.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/login.php |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/login.php |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/register.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/register.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/register.php |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/register.php |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/reservation.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/reservation.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/reservation.php |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/reservation.php |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/reservation2.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/reservation2.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/reservation2.php |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/reservation2.php |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/support.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/support.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/support.php |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/support.php |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/radio.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/radio.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/radio.html |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/radio.html |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | https://www.seleniumframework.com/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.51.0-2014.06.20 |
| Attack | |
| Evidence | <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.51.0-2014.06.20'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | https://www.seleniumframework.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.1.2 |
| Attack | |
| Evidence | <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.1.2'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | https://www.seleniumframework.com/wp-content/plugins/crayon-syntax-highlighter/js/min/crayon.te.min.js?ver=2.7.1 |
| Attack | |
| Evidence | <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/plugins/crayon-syntax-highlighter/js/min/crayon.te.min.js?ver=2.7.1'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | https://www.seleniumframework.com/wp-content/plugins/go_pricing/assets/js/go_pricing_scripts.js?ver=2.4.3 |
| Attack | |
| Evidence | <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/plugins/go_pricing/assets/js/go_pricing_scripts.js?ver=2.4.3'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | https://www.seleniumframework.com/wp-content/plugins/LayerSlider/static/js/greensock.js?ver=1.11.2 |
| Attack | |
| Evidence | <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/plugins/LayerSlider/static/js/greensock.js?ver=1.11.2'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | https://www.seleniumframework.com/wp-content/plugins/LayerSlider/static/js/layerslider.kreaturamedia.jquery.js?ver=5.2.0 |
| Attack | |
| Evidence | <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/plugins/LayerSlider/static/js/layerslider.kreaturamedia.jquery.js?ver=5.2.0'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | https://www.seleniumframework.com/wp-content/plugins/LayerSlider/static/js/layerslider.transitions.js?ver=5.2.0 |
| Attack | |
| Evidence | <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/plugins/LayerSlider/static/js/layerslider.transitions.js?ver=5.2.0'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | https://www.seleniumframework.com/wp-content/plugins/revslider/rs-plugin/js/jquery.themepunch.revolution.min.js?rev=4.6.0&ver=4.8 |
| Attack | |
| Evidence | <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/plugins/revslider/rs-plugin/js/jquery.themepunch.revolution.min.js?rev=4.6.0&ver=4.8'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | https://www.seleniumframework.com/wp-content/plugins/revslider/rs-plugin/js/jquery.themepunch.tools.min.js?rev=4.6.0&ver=4.8 |
| Attack | |
| Evidence | <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/plugins/revslider/rs-plugin/js/jquery.themepunch.tools.min.js?rev=4.6.0&ver=4.8'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | https://www.seleniumframework.com/wp-content/themes/dt-the7/js/desktop-tablet.min.js?ver=4.4.4 |
| Attack | |
| Evidence | <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/themes/dt-the7/js/desktop-tablet.min.js?ver=4.4.4'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | https://www.seleniumframework.com/wp-content/themes/dt-the7/js/desktop.min.js?ver=4.4.4 |
| Attack | |
| Evidence | <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/themes/dt-the7/js/desktop.min.js?ver=4.4.4'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | https://www.seleniumframework.com/wp-content/themes/dt-the7/js/dt-contact-form.js?ver=4.8 |
| Attack | |
| Evidence | <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/themes/dt-the7/js/dt-contact-form.js?ver=4.8'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | https://www.seleniumframework.com/wp-content/themes/dt-the7/js/main.min.js?ver=4.4.4 |
| Attack | |
| Evidence | <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/themes/dt-the7/js/main.min.js?ver=4.4.4'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | https://www.seleniumframework.com/wp-content/themes/dt-the7/js/modernizr.js?ver=4.4.4 |
| Attack | |
| Evidence | <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/themes/dt-the7/js/modernizr.js?ver=4.4.4'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | https://www.seleniumframework.com/wp-content/themes/dt-the7/js/plugins.min.js?ver=4.4.4 |
| Attack | |
| Evidence | <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/themes/dt-the7/js/plugins.min.js?ver=4.4.4'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | https://www.seleniumframework.com/wp-content/themes/dt-the7/js/plugins/validator/jquery.validationEngine.js?ver=2.6.1 |
| Attack | |
| Evidence | <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/themes/dt-the7/js/plugins/validator/jquery.validationEngine.js?ver=2.6.1'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | https://www.seleniumframework.com/wp-content/themes/dt-the7/js/plugins/validator/languages/jquery.validationEngine-en.js?ver=2.6.1 |
| Attack | |
| Evidence | <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/themes/dt-the7/js/plugins/validator/languages/jquery.validationEngine-en.js?ver=2.6.1'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | https://www.seleniumframework.com/wp-content/themes/dt-the7/js/svg-icons.min.js?ver=4.4.4 |
| Attack | |
| Evidence | <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/themes/dt-the7/js/svg-icons.min.js?ver=4.4.4'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | https://www.seleniumframework.com/wp-content/themes/dt-the7/royalslider/jquery.royalslider.js?ver=4.4.4 |
| Attack | |
| Evidence | <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/themes/dt-the7/royalslider/jquery.royalslider.js?ver=4.4.4'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | https://www.seleniumframework.com/wp-content/themes/dt-the7/wpbakery/js_composer/assets/js/js_composer_front.js?ver=4.3.4 |
| Attack | |
| Evidence | <script type='text/javascript' src='https://www.seleniumframework.com/wp-content/themes/dt-the7/wpbakery/js_composer/assets/js/js_composer_front.js?ver=4.3.4'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | https://www.seleniumframework.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 |
| Attack | |
| Evidence | <script type='text/javascript' src='https://www.seleniumframework.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | https://www.seleniumframework.com/wp-includes/js/jquery/jquery.js?ver=1.12.4 |
| Attack | |
| Evidence | <script type='text/javascript' src='https://www.seleniumframework.com/wp-includes/js/jquery/jquery.js?ver=1.12.4'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | https://www.seleniumframework.com/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=2.22.0 |
| Attack | |
| Evidence | <script type='text/javascript' src='https://www.seleniumframework.com/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=2.22.0'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | https://www.seleniumframework.com/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=4.8 |
| Attack | |
| Evidence | <script type='text/javascript' src='https://www.seleniumframework.com/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=4.8'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | https://www.seleniumframework.com/wp-includes/js/quicktags.min.js?ver=4.8 |
| Attack | |
| Evidence | <script type='text/javascript' src='https://www.seleniumframework.com/wp-includes/js/quicktags.min.js?ver=4.8'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | https://www.seleniumframework.com/wp-includes/js/wp-embed.min.js?ver=4.8 |
| Attack | |
| Evidence | <script type='text/javascript' src='https://www.seleniumframework.com/wp-includes/js/wp-embed.min.js?ver=4.8'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/table.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/table.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/table.html |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/table.html |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/tooltip.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/tooltip.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/tooltip.html |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/tooltip.html |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/upload/ |
| Method | GET |
| Parameter | //cdn.guru99.com/media/jui/js/jquery.min.js |
| Attack | |
| Evidence | <script src=//cdn.guru99.com/media/jui/js/jquery.min.js></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/upload/ |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/upload/ |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/upload/ |
| Method | GET |
| Parameter | https://code.jquery.com/jquery-1.10.2.js |
| Attack | |
| Evidence | <script src="https://code.jquery.com/jquery-1.10.2.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/upload/ |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/upload/ |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/yahoo.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/yahoo.html |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/yahoo.html |
| Method | GET |
| Parameter | https://web.archive.org/web/20130603222603js_/http://l.yimg.com/a/lib/msg/js/aurora/beta-all-yui-201107181400.js |
| Attack | |
| Evidence | <script type="text/javascript" src="https://web.archive.org/web/20130603222603js_/http://l.yimg.com/a/lib/msg/js/aurora/beta-all-yui-201107181400.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/yahoo.html |
| Method | GET |
| Parameter | https://web.archive.org/web/20130603222603js_/http://l.yimg.com/a/lib/msg/js/aurora_080603.js |
| Attack | |
| Evidence | <script type="text/javascript" src="https://web.archive.org/web/20130603222603js_/http://l.yimg.com/a/lib/msg/js/aurora_080603.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/yahoo.html |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/yahoo.html |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/V1/index.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/V1/index.php |
| Method | GET |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/V1/index.php |
| Method | GET |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/V1/index.php |
| Method | GET |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body/1.1.5?q=test |
| Method | GET |
| Parameter | //ajax.googleapis.com/ajax/libs/angularjs/1.1.5/angular.js |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.1.5/angular.js"></script> |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body/1.2.0?q=test |
| Method | GET |
| Parameter | //ajax.googleapis.com/ajax/libs/angularjs/1.2.0/angular.js |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.2.0/angular.js"></script> |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body/1.2.18?q=test |
| Method | GET |
| Parameter | //ajax.googleapis.com/ajax/libs/angularjs/1.2.18/angular.js |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.2.18/angular.js"></script> |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body/1.2.19?q=test |
| Method | GET |
| Parameter | //ajax.googleapis.com/ajax/libs/angularjs/1.2.19/angular.js |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.2.19/angular.js"></script> |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body/1.2.24?q=test |
| Method | GET |
| Parameter | //ajax.googleapis.com/ajax/libs/angularjs/1.2.24/angular.js |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.2.24/angular.js"></script> |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body/1.4.0?q=test |
| Method | GET |
| Parameter | //ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script> |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body/1.6.0?q=test |
| Method | GET |
| Parameter | //ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script> |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body_alt_symbols/1.4.0?q=test |
| Method | GET |
| Parameter | //ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script> |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body_alt_symbols_raw/1.6.0?q=test |
| Method | GET |
| Parameter | //ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script> |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body_attribute_ng/1.4.0?q=test |
| Method | GET |
| Parameter | //ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script> |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body_attribute_non_ng/1.4.0?q=test |
| Method | GET |
| Parameter | //ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script> |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body_attribute_non_ng_raw/1.4.0?q=test |
| Method | GET |
| Parameter | //ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script> |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body_raw/1.4.0?q=test |
| Method | GET |
| Parameter | //ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script> |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body_raw_escaped/1.4.0?q=test |
| Method | GET |
| Parameter | //ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script> |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body_raw_escaped_alt_symbols/1.4.0?q=test |
| Method | GET |
| Parameter | //ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script> |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body_raw_post/1.6.0 |
| Method | GET |
| Parameter | //ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script> |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_cookie_parse/1.6.0 |
| Method | GET |
| Parameter | //ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script> |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_form_parse/1.6.0 |
| Method | GET |
| Parameter | //ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script> |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_post_message_parse/1.6.0 |
| Method | GET |
| Parameter | //ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script> |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_storage_parse/1.6.0 |
| Method | GET |
| Parameter | //ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script> |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_script?q=a |
| Method | GET |
| Parameter | http://irrelevant.google.com?a |
| Attack | |
| Evidence | <script src="http://irrelevant.google.com?a"/> |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_script?q=a |
| Method | GET |
| Parameter | http://irrelevant.google.com?a |
| Attack | |
| Evidence | <script src="http://irrelevant.google.com?a"/> |
| Other Info | |
| URL | https://public-firing-range.appspot.com/insecurethirdpartyscripts/third_party_scripts_without_subresource_integrity.html |
| Method | GET |
| Parameter | //nonexistent.google |
| Attack | |
| Evidence | <script src="//nonexistent.google"></script> |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/parameter/attribute_script?q=a |
| Method | GET |
| Parameter | http://irrelevant.google.com/a |
| Attack | |
| Evidence | <script src="http://irrelevant.google.com/a"/> |
| Other Info | |
| URL | https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://127.0.0.2/localhost_import.js |
| Method | GET |
| Parameter | http://127.0.0.2/localhost_import.js |
| Attack | |
| Evidence | <script src="http://127.0.0.2/localhost_import.js"></script> |
| Other Info | |
| URL | https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://192.168.1.2/private_network_import.js |
| Method | GET |
| Parameter | http://192.168.1.2/private_network_import.js |
| Attack | |
| Evidence | <script src="http://192.168.1.2/private_network_import.js"></script> |
| Other Info | |
| URL | https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://g00gle.com/typosquatting_domain.js |
| Method | GET |
| Parameter | http://g00gle.com/typosquatting_domain.js |
| Attack | |
| Evidence | <script src="http://g00gle.com/typosquatting_domain.js"></script> |
| Other Info | |
| URL | https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=https://google.com |
| Method | GET |
| Parameter | https://google.com |
| Attack | |
| Evidence | <script src="https://google.com"></script> |
| Other Info | |
| URL | https://public-firing-range.appspot.com/vulnerablelibraries/jquery.html |
| Method | GET |
| Parameter | https://code.jquery.com/jquery-1.8.1.js |
| Attack | |
| Evidence | <script src="https://code.jquery.com/jquery-1.8.1.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/index.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/index.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/index.php |
| Method | POST |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/index.php |
| Method | POST |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/index.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/index.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/index.php |
| Method | POST |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/index.php |
| Method | POST |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/header.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/header.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/header.php |
| Method | POST |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/header.php |
| Method | POST |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/index.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/index.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/index.php |
| Method | POST |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/index.php |
| Method | POST |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/register.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/register.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/register.php |
| Method | POST |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/register.php |
| Method | POST |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/retrieve_quotation.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/retrieve_quotation.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/retrieve_quotation.php |
| Method | POST |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/retrieve_quotation.php |
| Method | POST |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/check_credit_balance.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/check_credit_balance.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/check_credit_balance.php |
| Method | POST |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/check_credit_balance.php |
| Method | POST |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/process_card.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/process_card.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/process_card.php |
| Method | POST |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/process_card.php |
| Method | POST |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/process_purchasetoy.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/process_purchasetoy.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/process_purchasetoy.php |
| Method | POST |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/process_purchasetoy.php |
| Method | POST |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/Security/SEC_V1/index.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/Security/SEC_V1/index.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/Security/SEC_V1/index.php |
| Method | POST |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/Security/SEC_V1/index.php |
| Method | POST |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/addtariffplans.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/addtariffplans.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/addtariffplans.php |
| Method | POST |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/addtariffplans.php |
| Method | POST |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/assigntariffplantocustomer.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/assigntariffplantocustomer.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/assigntariffplantocustomer.php |
| Method | POST |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/assigntariffplantocustomer.php |
| Method | POST |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/billing.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/billing.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/billing.php |
| Method | POST |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/telecom/billing.php |
| Method | POST |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/birthdate.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/birthdate.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/birthdate.php |
| Method | POST |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/birthdate.php |
| Method | POST |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/cookie/selenium_cookie.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/cookie/selenium_cookie.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/cookie/selenium_cookie.php |
| Method | POST |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/cookie/selenium_cookie.php |
| Method | POST |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/delete_customer.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/delete_customer.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/delete_customer.php |
| Method | POST |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/delete_customer.php |
| Method | POST |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/flash-testing.html |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/flash-testing.html |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/flash-testing.html |
| Method | POST |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/flash-testing.html |
| Method | POST |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/index.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/index.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/index.php |
| Method | POST |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/index.php |
| Method | POST |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/login.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/login.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/login.php |
| Method | POST |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/login.php |
| Method | POST |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/register.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/register.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/register.php |
| Method | POST |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/register.php |
| Method | POST |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/reservation2.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/reservation2.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/reservation2.php |
| Method | POST |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/reservation2.php |
| Method | POST |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/success.html |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/success.html |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/success.html |
| Method | POST |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/test/success.html |
| Method | POST |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://demo.guru99.com/V1/index.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pre_pws.js"></script> |
| Other Info | |
| URL | https://demo.guru99.com/V1/index.php |
| Method | POST |
| Parameter | //fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js |
| Attack | |
| Evidence | <script type="text/javascript" src="//fdyn.pubwise.io/script/b7da2361-4ada-4374-9097-af748311b5fe/v3/dyn/pws.js" async></script> |
| Other Info | |
| URL | https://demo.guru99.com/V1/index.php |
| Method | POST |
| Parameter | https://www.googletagmanager.com/gtag/js?id=UA-1248015-24 |
| Attack | |
| Evidence | <script async src="https://www.googletagmanager.com/gtag/js?id=UA-1248015-24"></script> |
| Other Info | |
| URL | https://demo.guru99.com/V1/index.php |
| Method | POST |
| Parameter | https://www.googletagservices.com/tag/js/gpt.js |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/angular_body_raw_post/1.6.0 |
| Method | POST |
| Parameter | //ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script> |
| Other Info | |
| Instances | 402 |
| Solution |
Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.
|
| Reference | |
| CWE Id | 829 |
| WASC Id | 15 |
| Plugin Id | 10017 |
|
Low |
Information Disclosure - Debug Error Messages |
|---|---|
| Description |
The response appeared to contain common error messages returned by platforms such as ASP.NET, and Web-servers such as IIS and Apache. You can configure the list of common debug messages.
|
| URL | https://demo.guru99.com/test/newtours/support.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Under Construction |
| Other Info | |
| URL | http://localhost:8090/bodgeit/advanced.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Internal Server Error |
| Other Info | |
| Instances | 2 |
| Solution |
Disable debugging messages before pushing to production.
|
| Reference | |
| CWE Id | 200 |
| WASC Id | 13 |
| Plugin Id | 10023 |
|
Low |
Private IP Disclosure |
|---|---|
| Description |
A private IP (such as 10.x.x.x, 172.x.x.x, 192.168.x.x) or an Amazon EC2 private hostname (for example, ip-10-0-56-78) has been found in the HTTP response body. This information might be helpful for further attacks targeting internal systems.
|
| URL | https://public-firing-range.appspot.com/badscriptimport |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | 192.168.1.2 |
| Other Info | 192.168.1.2 192.168.1.2 |
| URL | https://public-firing-range.appspot.com/badscriptimport/index.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | 192.168.1.2 |
| Other Info | 192.168.1.2 192.168.1.2 |
| URL | https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://192.168.1.2/private_network_import.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | 192.168.1.2 |
| Other Info | 192.168.1.2 |
| Instances | 3 |
| Solution |
Remove the private IP address from the HTTP response body. For comments, use JSP/ASP/PHP comment instead of HTML/JavaScript comment which can be seen by client browsers.
|
| Reference | https://tools.ietf.org/html/rfc1918 |
| CWE Id | 200 |
| WASC Id | 13 |
| Plugin Id | 2 |
|
Low |
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) |
|---|---|
| Description |
The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.
|
| URL | https://demo.guru99.com/test/birthdate.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: PHP/7.2.34 |
| Other Info | |
| URL | https://demo.guru99.com/test/delete_customer.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: PHP/7.2.34 |
| Other Info | |
| URL | https://demo.guru99.com/test/birthdate.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: PHP/7.2.34 |
| Other Info | |
| URL | https://demo.guru99.com/test/delete_customer.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | X-Powered-By: PHP/7.2.34 |
| Other Info | |
| Instances | 4 |
| Solution |
Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.
|
| Reference |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework
https://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html |
| CWE Id | 200 |
| WASC Id | 13 |
| Plugin Id | 10037 |
|
Low |
Server Leaks Version Information via "Server" HTTP Response Header Field |
|---|---|
| Description |
The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.
|
| URL | http://localhost:8090/bodgeit |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/about.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/admin.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/advanced.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/contact.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/home.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/images/129.png |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/images/130.png |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/images/151.png |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/images/152.png |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/images/154.png |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/js/util.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=10 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=11 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=12 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=14 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=15 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=16 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=18 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=20 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=21 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=22 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=23 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=24 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=25 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=26 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=27 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=28 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=29 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=30 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=31 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=32 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=9 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/register.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/score.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/search.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/search.jsp?q=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/style.css |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/advanced.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/contact.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| URL | http://localhost:8090/bodgeit/register.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | Apache-Coyote/1.1 |
| Other Info | |
| Instances | 64 |
| Solution |
Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.
|
| Reference |
https://httpd.apache.org/docs/current/mod/core.html#servertokens
https://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10) https://www.troyhunt.com/shhh-dont-let-your-response-headers/ |
| CWE Id | 200 |
| WASC Id | 13 |
| Plugin Id | 10036 |
|
Low |
Strict-Transport-Security Missing Max-Age (Non-compliant with Spec) |
|---|---|
| Description |
A HTTP Strict Transport Security (HSTS) header was found, but it is missing the max-age directive (or the directive is missing a value). See RFC 6797 for further details.
HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).
|
| URL | https://public-firing-range.appspot.com/stricttransportsecurity/hsts_max_age_missing |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | includeSubDomains; preload |
| Other Info | |
| Instances | 1 |
| Solution |
Review the configuration of this control. Ensure that your web server, application server, load balancer, etc. is configured to set Strict-Transport-Security with an appropriate max-age value.
|
| Reference | https://datatracker.ietf.org/doc/html/rfc6797#section-6.2 |
| CWE Id | 319 |
| WASC Id | 15 |
| Plugin Id | 10035 |
|
Low |
Timestamp Disclosure - Unix |
|---|---|
| Description |
A timestamp was disclosed by the application/web server - Unix
|
| URL | https://demo.guru99.com/test/cookie/bootstrap.min.css |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | 1428571435 |
| Other Info | 1428571435, which evaluates to: 2015-04-09 10:23:55 |
| URL | https://demo.guru99.com/test/login.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | 1461205423 |
| Other Info | 1461205423, which evaluates to: 2016-04-21 03:23:43 |
| Instances | 2 |
| Solution |
Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.
|
| Reference | https://cwe.mitre.org/data/definitions/200.html |
| CWE Id | 200 |
| WASC Id | 13 |
| Plugin Id | 10096 |
|
Low |
X-Content-Type-Options Header Missing |
|---|---|
| Description |
The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.
|
| URL | http://localhost:8090/bodgeit/ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/about.jsp |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/admin.jsp |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/advanced.jsp |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/contact.jsp |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/home.jsp |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/images/129.png |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/images/130.png |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/images/151.png |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/images/152.png |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/images/154.png |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/js/util.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=10 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=11 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=12 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=13 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=14 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=15 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=16 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=17 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=18 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=19 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=2 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=20 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=21 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=22 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=23 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=24 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=25 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=26 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=27 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=28 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=29 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=3 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=30 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=31 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=32 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=4 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=5 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=6 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=7 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=8 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=9 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=1 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=2 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=3 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=4 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=5 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=6 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=7 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/register.jsp |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/score.jsp |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/search.jsp |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/search.jsp?q=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/style.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://public-firing-range.appspot.com/mixedcontent/script.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/access.php?%20email=ZAP&%20pass=seqerer%20&uid=mngr564973%20 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/customer/css/style.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/customer/JavaScript/test.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/index.php |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/Agile_Project/css/bootstrap.min.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/Agile_Project/css/custom.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/Agile_Project/css/home-bar.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/Agile_Project/css/main.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/Agile_Project/css/slider-cars.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/Agile_Project/js/bootstrap.min.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/Agile_Project/js/home-bar.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/Agile_Project/js/jquery.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/Agile_Project/js/slider-cars.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/Agile_Project/js/treemenu.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/css/style.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/images/java-logo.png |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/images/live-project-logo.png |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/images/selenium-logo.jpg |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/images/testing-logo-1.png |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/insurance/v1/css/bootstrap.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/insurance/v1/css/bootstrap.min.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/insurance/v1/css/custom.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/insurance/v1/css/home-bar.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/insurance/v1/css/jquery-ui.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/insurance/v1/css/main.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/insurance/v1/css/slider-cars.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/insurance/v1/css/style.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/insurance/v1/favicon.png |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/insurance/v1/header.php |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/insurance/v1/index.php |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/insurance/v1/javascript/bootstrap.min.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/insurance/v1/javascript/home-bar.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/insurance/v1/javascript/jquery-1.10.2.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/insurance/v1/javascript/jquery-ui.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/insurance/v1/javascript/jquery.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/insurance/v1/javascript/jquery.timeago.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/insurance/v1/javascript/scripts.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/insurance/v1/javascript/slider-cars.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/insurance/v1/javascript/treemenu.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/insurance/v1/register.php |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/JavaScript/test.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/logo.png |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/assets/css/bootstrap.min.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/assets/css/custom.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/assets/css/home-bar.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/assets/css/main.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/assets/css/main_v1.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/assets/css/slider-cars.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/assets/js/bootstrap.min.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/assets/js/home-bar.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/assets/js/jquery.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/assets/js/jquery.min.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/assets/js/main.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/assets/js/skel.min.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/assets/js/slider-cars.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/assets/js/treemenu.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/assets/js/util.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/cardnumber.php |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/check_credit_balance.php |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=334721 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=574612 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=646509 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/images/american.png |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/images/card/temp-32.jpg |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/images/card/temp-88.jpg |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/images/discover.png |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/images/mastercard.png |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/images/Toy.jpg |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/images/visa.png |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/index.php |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/process_purchasetoy.php |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/purchasetoy.php |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/robots.txt |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/css/bootstrap.min.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/css/custom.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/css/home-bar.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/css/main.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/css/slider-cars.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/css/style.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/bootstrap.min.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/home-bar.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/jquery.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/slider-cars.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/test.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/treemenu.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/Security/SEC_V1/index.php |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/selenium/facebook.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/seo/css/e3c438a3d36360ba4dc5a169e3a1e376_0.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/seo/images/041318_0534_WhatisFullf1.png |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/seo/images/041318_0552_WhatisSAPBu1.png |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/seo/images/051818_1048_SoftwareCon1.png |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/seo/images/051818_1048_SoftwareCon2.png |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/seo/js/b40b8f484a50c7147e39e067a6f3d6ef_0.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/seo/js/jquery.min.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/seo/logo_v1.png |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/seo/page-1.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/seo/page-2.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/seo/page-3.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/seo/page-4.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/seo/page-5.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/seo/page-6.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/telecom/access.php?uid=063675 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/telecom/access.php?uid=069466 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/telecom/access.php?uid=936997 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/telecom/addcustomer.php |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/telecom/addtariffplans.php |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/telecom/assets/css/bootstrap.min.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/telecom/assets/css/custom.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/telecom/assets/css/home-bar.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/telecom/assets/css/main.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/telecom/assets/css/main1.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/telecom/assets/css/slider-cars.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/telecom/assets/js/bootstrap.min.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/telecom/assets/js/home-bar.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/telecom/assets/js/jquery.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/telecom/assets/js/jquery.min.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/telecom/assets/js/jquery.scrolly.min.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/telecom/assets/js/main.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/telecom/assets/js/skel.min.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/telecom/assets/js/slider-cars.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/telecom/assets/js/tariffplan.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/telecom/assets/js/test.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/telecom/assets/js/treemenu.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/telecom/assets/js/util.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/telecom/assets/js/w3.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/telecom/assigntariffplantocustomer.php |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/telecom/billing.php |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/telecom/images/pic01.jpg |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/telecom/index.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/accountingjs/AccountCSS.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/accountingjs/af3cfffb95196d4da1e9e744fbfc7875.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/accountingjs/jquery-ui.min.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/accountingjs/lesson6.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/ajax.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/ajax.html?name=ZAP |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/autoit.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/birthdate.php |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/block.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/cookie/bootstrap.min.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/cookie/selenium_aut.php |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/css/377f23bd2c7ce689ba2b940f21d082ca.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/css/bd.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/css/bootstrap.min.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/css/custom.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/css/home-bar.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/css/main.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/css/slider-cars.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/css/style.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/delete_customer.php |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/drag_drop.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/facebook.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/flash-testing.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/flips2.swf |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/guru99home/ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/guru99home/ads.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/guru99home/css/font-awesome.min.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/guru99home/css/homepage.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/guru99home/favicon.ico |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/guru99home/images/app_google_play(1).png |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/guru99home/images/logo_1.png |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/guru99home/images/logo_funlearn.png |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/guru99home/images/logo_respnsivsite.png |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/guru99home/Jmeter720.png |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/guru99home/js/jquery.min.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/guru99home/scrolling.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/image_upload/ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/image_upload/loader.gif |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/image_upload/scripts/jquery.form.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/image_upload/scripts/jquery.min.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/img/eye.png |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/img/tooltips.jpg |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/js/bootstrap.min.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/js/home-bar.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/js/jquery.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/js/jquery.min.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/js/jquery.tools.min.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/js/slider-cars.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/js/treemenu.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/js/w3.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/link.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/login.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/main.min.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/msgr11us.exe |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/images/banner2.gif |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/images/boxad1.gif |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/images/continue.gif |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/images/featured_destination.gif |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/images/hdr_destinations.gif |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/images/hdr_findflight.gif |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/images/hdr_links.gif |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/images/hdr_register.gif |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/images/hdr_right.gif |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/images/hdr_specials.gif |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/images/hdr_tips.gif |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/images/hdr_vacation.gif |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/images/home.gif |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/images/html.gif |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/images/icn_destinations.gif |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/images/icn_register.gif |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/images/icn_vacations.gif |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/images/logo.gif |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/images/mast_construction.gif |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/images/mast_flightfinder.gif |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/images/mast_register.gif |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/images/mast_signon.gif |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/images/submit.gif |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/images/tip93.gif |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/index.php |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/login.php |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/register.php |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/reservation.php |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/reservation2.php |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/support.php |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/radio.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/table.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/tooltip.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/upload/ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/upload/css/banner-styles.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/upload/css/style.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/upload/images/spinner.gif |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/yahoo.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/V1/css/bootstrap.min.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/V1/css/custom.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/V1/css/home-bar.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/V1/css/main.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/V1/css/slider-cars.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/V1/css/style.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/V1/index.php |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/V1/JavaScript/bootstrap.min.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/V1/JavaScript/home-bar.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/V1/JavaScript/jquery.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/V1/JavaScript/slider-cars.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/V1/JavaScript/test.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/V1/JavaScript/treemenu.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/V4/css/bootstrap.min.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/V4/css/custom.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/V4/css/home-bar.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/V4/css/main.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/V4/css/slider-cars.css |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/V4/JavaScript/bootstrap.min.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/V4/JavaScript/home-bar.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/V4/JavaScript/jquery.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/V4/JavaScript/slider-cars.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/V4/JavaScript/treemenu.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/address |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/address/baseURI/documentwrite |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/address/documentURI/documentwrite |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/address/index.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/address/location.hash/assign |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/address/location.hash/documentwrite |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/address/location.hash/documentwriteln |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/address/location.hash/eval |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/address/location.hash/formaction |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/address/location.hash/function |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/address/location.hash/inlineevent |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/address/location.hash/innerHtml |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/address/location.hash/jshref |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/address/location.hash/onclickAddEventListener |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/address/location.hash/onclickSetAttribute |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/address/location.hash/rangeCreateContextualFragment |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/address/location.hash/replace |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/address/location.hash/setTimeout |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/address/location/assign |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/address/location/documentwrite |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/address/location/documentwriteln |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/address/location/eval |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/address/location/innerHtml |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/address/location/rangeCreateContextualFragment |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/address/location/replace |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/address/location/setTimeout |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/address/locationhref/documentwrite |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/address/locationpathname/documentwrite |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/address/locationsearch/documentwrite |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/address/URL/documentwrite |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/address/URLUnencoded/documentwrite |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/angular |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/angular/angular_body/1.1.5?q=test |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/angular/angular_body/1.2.0?q=test |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/angular/angular_body/1.2.18?q=test |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/angular/angular_body/1.2.19?q=test |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/angular/angular_body/1.2.24?q=test |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/angular/angular_body/1.4.0?q=test |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/angular/angular_body/1.6.0?q=test |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/angular/angular_body_alt_symbols/1.4.0?q=test |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/angular/angular_body_alt_symbols_raw/1.6.0?q=test |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/angular/angular_body_attribute_ng/1.4.0?q=test |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/angular/angular_body_attribute_non_ng/1.4.0?q=test |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/angular/angular_body_attribute_non_ng_raw/1.4.0?q=test |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/angular/angular_body_raw/1.4.0?q=test |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/angular/angular_body_raw_escaped/1.4.0?q=test |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/angular/angular_body_raw_escaped_alt_symbols/1.4.0?q=test |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/angular/angular_body_raw_post/1.6.0 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/angular/angular_cookie_parse/1.6.0 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/angular/angular_form_parse/1.6.0 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/angular/angular_post_message_parse/1.6.0 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/angular/angular_storage_parse/1.6.0 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/angular/index.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/badscriptimport |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/badscriptimport/index.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/clickjacking |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/clickjacking/clickjacking_csp_no_frame_ancestors |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/clickjacking/clickjacking_xfo_allowall |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/clickjacking/index.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/cors |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/cors/alloworigin/allowInsecureScheme |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/cors/alloworigin/allowNullOrigin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/cors/alloworigin/allowOriginEndsWith |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/cors/alloworigin/allowOriginProtocolDowngrade |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/cors/alloworigin/allowOriginRegexDot |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/cors/alloworigin/allowOriginStartsWith |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/cors/alloworigin/dynamicAllowOrigin |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/cors/index.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/dompropagation |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/dompropagation/ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/eventtriggering/document/formSubmission/documentWrite |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/eventtriggering/document/formSubmission/eval |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/eventtriggering/document/formSubmission/innerHtml |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/eventtriggering/document/inputTyping/documentWrite |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/eventtriggering/document/inputTyping/eval |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/eventtriggering/document/inputTyping/innerHtml |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/index.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/javascripturi.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/document/cookie |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/document/cookie/eval |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set/documentWrite |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set/eval |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set/innerHtml |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/document/referrer |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/document/referrer/documentWrite |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/document/referrer/eval |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/document/referrer/innerHtml |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/array/eval |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/function/documentWrite |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/function/eval |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/function/innerHtml |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/property/documentWrite |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/array/eval |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/function/documentWrite |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/function/eval |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/function/innerHtml |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/property/documentWrite |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/localStorage/array |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/localStorage/array/eval |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function/documentWrite |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function/eval |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function/innerHtml |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/localStorage/property |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/localStorage/property/documentWrite |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/postMessage/complexMessageDocumentWriteEval |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/postMessage/documentWrite |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/postMessage/eval |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/postMessage/improperOriginValidationWithPartialStringComparison |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/postMessage/improperOriginValidationWithRegExp |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/postMessage/innerHtml |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/array |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/array/eval |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function/documentWrite |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function/eval |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function/innerHtml |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/property |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/property/documentWrite |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/window/name |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/window/name/documentWrite |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/window/name/eval |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/window/name/innerHtml |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdomscripts/localStorage/array/eval |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdomscripts/localStorage/function/documentWrite |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdomscripts/localStorage/function/eval |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdomscripts/localStorage/function/innerHtml |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdomscripts/localStorage/property/documentWrite |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdomscripts/sessionStorage/array/eval |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdomscripts/sessionStorage/function/documentWrite |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdomscripts/sessionStorage/function/eval |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdomscripts/sessionStorage/function/innerHtml |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/dom/toxicdomscripts/sessionStorage/property/documentWrite |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/index.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/js/encodeURIComponent?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/js/escape?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/js/html_escape?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_name?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_quoted?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_script?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_singlequoted?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_unquoted?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/body?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/body_comment?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/css_import?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/css_style?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/css_style_font_value?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/css_style_value?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/head?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_assignment?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_comment?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_eval?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_quoted_string?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_singlequoted_string?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_slashquoted_string?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/tagname?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/textarea?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_name?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_quoted?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_script?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_singlequoted?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_unquoted?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/body?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/body_comment?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/css_import?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/css_style?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/css_style_font_value?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/css_style_value?escape=HTML_ESCAPE&q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/head?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_assignment?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_comment?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_eval?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_quoted_string?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_singlequoted_string?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_slashquoted_string?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/tagname?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/textarea?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/flashinjection |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/flashinjection/callbackIsEchoedBack?callback=func |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/flashinjection/callbackParameterDoesNothing?callback=func |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/flashinjection/index.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/insecurethirdpartyscripts |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/insecurethirdpartyscripts/index.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/insecurethirdpartyscripts/third_party_scripts_without_subresource_integrity.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/insecurethirdpartyscripts/third_party_scripts_without_subresource_integrity_dynamically_added.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/leakedcookie |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/leakedcookie/index.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/leakedcookie/leakedcookie |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/leakedcookie/leakedcookie.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/leakedcookie/leakedinresource |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/mixedcontent |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/mixedcontent/index.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/redirect |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/redirect/index.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/redirect/meta?q=/ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/contentsniffing/json?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/contentsniffing/plaintext?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_quoted/DOUBLE_QUOTED_ATTRIBUTE?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_singlequoted/SINGLE_QUOTED_ATTRIBUTE?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_unquoted/UNQUOTED_ATTRIBUTE?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/filteredcharsets/attribute_unquoted/DoubleQuoteSinglequote?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/filteredcharsets/body/SpaceDoubleQuoteSlashEquals?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/filteredstrings/body/caseInsensitive/script?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/filteredstrings/body/caseSensitive/script?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/index.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/jsoncallback |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/attribute_name?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/attribute_quoted?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/attribute_script?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/attribute_singlequoted?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/attribute_unquoted?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/body |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/body?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/body_comment?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/css_style?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/css_style_font_value?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/css_style_value?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/form |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/head?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/iframe_attribute_value?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/iframe_srcdoc?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/js_assignment?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/js_comment?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/js_eval?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/js_quoted_string?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/js_singlequoted_string?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/js_slashquoted_string?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/json?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/noscript?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/style_attribute_value?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/tagname?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/textarea?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/textarea_attribute_value?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/title?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/url/css_import?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/url/href?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/url/object_data?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/url/object_param?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/url/script_src?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/remoteinclude |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/remoteinclude/index.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/remoteinclude/object_hash.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/remoteinclude/parameter/object/application_x-shockwave-flash?q=https://google.com |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/remoteinclude/parameter/object_raw?q=https://google.com |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://127.0.0.2/localhost_import.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://192.168.1.2/private_network_import.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://g00gle.com/typosquatting_domain.js |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=https://google.com |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/remoteinclude/script_hash.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/jsonpendpoint?callback=callbackFunc&q |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/jsonpendpoint?callback=foo&q |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/jsonpendpoint?callback=urc_button.click&q |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithoutXFO |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithoutXFO/ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithXFO |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithXFO/ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithoutXFO |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithoutXFO/ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithXFO |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithXFO/ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback/WithoutXFO |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback/WithoutXFO/?q=foo |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback/WithXFO |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback/WithXFO/?q=foo |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter/WithoutXFO |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter/WithoutXFO/?q=%26callback%3Dfoo%23 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter/WithXFO |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter/WithXFO/?q=%26callback%3Dfoo%23 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/InCallback |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/InCallback/ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/OtherParameter |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/OtherParameter/ |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/InCallback |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/InCallback/?q=urc_button.click |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/OtherParameter |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/OtherParameter/?q=%26callback%3Durc_button.click%23 |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/stricttransportsecurity |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/stricttransportsecurity/hsts_includesubdomains_missing |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/stricttransportsecurity/hsts_max_age_missing |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/stricttransportsecurity/hsts_max_age_too_low |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/stricttransportsecurity/hsts_missing |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/stricttransportsecurity/hsts_preload_missing |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/stricttransportsecurity/index.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/tags |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/tags/index.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/tags/multiline?q=a |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/urldom |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/urldom/index.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/urldom/jsonp?callback=foo |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/urldom/jsonp?callback=foobar |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/a.href |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/base.href |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/document.location |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/embed.src |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/fetch |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/form.action |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/iframe.src |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/input.formaction |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/link.href |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/object.data |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/param.code.value |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/param.movie.value |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/param.src.value |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/param.url.value |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/script.href |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/script.src |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/script.src.partial_domain |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/script.src.partial_path |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/script.src.partial_query |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/window.open |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/xhr.open |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/urldom/location/search/area.href?//example.org |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/urldom/location/search/button.formaction?//example.org |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/urldom/location/search/frame.src?//example.org |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/urldom/location/search/location.assign?//example.org |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/urldom/location/search/svg.a?//example.org |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/vulnerablelibraries |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/vulnerablelibraries/index.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/vulnerablelibraries/jquery.html |
| Method | GET |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/contact.jsp |
| Method | POST |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | POST |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | http://localhost:8090/bodgeit/register.jsp |
| Method | POST |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/index.php |
| Method | POST |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/insurance/v1/header.php |
| Method | POST |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/insurance/v1/new_quotation.php |
| Method | POST |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/insurance/v1/retrieve_quotation.php |
| Method | POST |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/check_credit_balance.php |
| Method | POST |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/payment-gateway/process_purchasetoy.php |
| Method | POST |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/Security/SEC_V1/index.php |
| Method | POST |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/telecom/addtariffplans.php |
| Method | POST |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/telecom/assigntariffplantocustomer.php |
| Method | POST |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/telecom/billing.php |
| Method | POST |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/birthdate.php |
| Method | POST |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/cookie/selenium_cookie.php |
| Method | POST |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/delete_customer.php |
| Method | POST |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/flash-testing.html |
| Method | POST |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/image_upload/ajaximage.php |
| Method | POST |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/index.php |
| Method | POST |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/login.php |
| Method | POST |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/register.php |
| Method | POST |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/newtours/reservation2.php |
| Method | POST |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/test/success.html |
| Method | POST |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://demo.guru99.com/V1/index.php |
| Method | POST |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/angular/angular_body_raw_post/1.6.0 |
| Method | POST |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/form |
| Method | POST |
| Parameter | x-content-type-options |
| Attack | |
| Evidence | |
| Other Info | This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses. |
| Instances | 662 |
| Solution |
Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.
If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.
|
| Reference |
https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)
https://owasp.org/www-community/Security_Headers |
| CWE Id | 693 |
| WASC Id | 15 |
| Plugin Id | 10021 |
|
Informational |
Authentication Request Identified |
|---|---|
| Description |
The given request has been identified as an authentication request. The 'Other Info' field contains a set of key=value lines which identify any relevant fields. If the request is in a context which has an Authentication Method set to "Auto-Detect" then this rule will change the authentication to match the request identified.
|
| URL | https://demo.guru99.com/access.php?%20email=ZAP&%20pass=seqerer%20&uid=mngr564973%20 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | pass |
| Other Info | userParam= email userValue=ZAP passwordParam= pass referer=https://demo.guru99.com/index.php |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/index.php |
| Method | POST |
| Parameter | btnLogin |
| Attack | |
| Evidence | password |
| Other Info | userParam=btnLogin userValue=LOGIN passwordParam=password referer=https://demo.guru99.com/Agile_Project/Agi_V1/ |
| URL | https://demo.guru99.com/insurance/v1/index.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | password |
| Other Info | userParam=email userValue=zaproxy@example.com passwordParam=password referer=https://demo.guru99.com/insurance/v1/index.php |
| URL | https://demo.guru99.com/Security/SEC_V1/index.php |
| Method | POST |
| Parameter | btnLogin |
| Attack | |
| Evidence | password |
| Other Info | userParam=btnLogin userValue=LOGIN passwordParam=password referer=https://demo.guru99.com/Security/SEC_V1/index.php |
| URL | https://demo.guru99.com/test/cookie/selenium_cookie.php |
| Method | POST |
| Parameter | username |
| Attack | |
| Evidence | password |
| Other Info | userParam=username userValue=ZAP passwordParam=password referer=https://demo.guru99.com/test/cookie/selenium_aut.php |
| URL | https://demo.guru99.com/test/newtours/index.php |
| Method | POST |
| Parameter | userName |
| Attack | |
| Evidence | password |
| Other Info | userParam=userName userValue=ZAP passwordParam=password referer=https://demo.guru99.com/test/newtours/ |
| URL | https://demo.guru99.com/test/success.html |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | passwd |
| Other Info | userParam=email userValue=zaproxy@example.com passwordParam=passwd referer=https://demo.guru99.com/test/login.html |
| URL | https://demo.guru99.com/V1/index.php |
| Method | POST |
| Parameter | btnLogin |
| Attack | |
| Evidence | password |
| Other Info | userParam=btnLogin userValue=LOGIN passwordParam=password referer=https://demo.guru99.com/V1/index.php |
| URL | https://demo.guru99.com/web/20141011154238/http:/212.7.194.85/cgi-bin/upload.cgi?maxfilesize=206000000 |
| Method | POST |
| Parameter | AccessKey |
| Attack | |
| Evidence | file_password[0] |
| Other Info | userParam=AccessKey userValue=MTI= passwordParam=file_password[0] referer=https://demo.guru99.com/test/upload/ |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | POST |
| Parameter | username |
| Attack | |
| Evidence | password |
| Other Info | userParam=username userValue=test@example.com passwordParam=password |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | POST |
| Parameter | username |
| Attack | |
| Evidence | password |
| Other Info | userParam=username userValue=ZAP passwordParam=password referer=http://localhost:8090/bodgeit/login.jsp |
| URL | https://demo.guru99.com/test/newtours/login.php |
| Method | POST |
| Parameter | userName |
| Attack | |
| Evidence | password |
| Other Info | userParam=userName userValue=ZAP passwordParam=password referer=https://demo.guru99.com/test/newtours/login.php |
| Instances | 12 |
| Solution |
This is an informational alert rather than a vulnerability and so there is nothing to fix.
|
| Reference | https://www.zaproxy.org/docs/desktop/addons/authentication-helper/auth-req-id/ |
| CWE Id | |
| WASC Id | |
| Plugin Id | 10111 |
|
Informational |
Information Disclosure - Sensitive Information in URL |
|---|---|
| Description |
The request appeared to contain sensitive information leaked in the URL. This can violate PCI and most organizational compliance policies. You can configure the list of strings for this check to add or remove values specific to your environment.
|
| URL | https://demo.guru99.com/access.php?%20email=ZAP&%20pass=seqerer%20&uid=mngr564973%20 |
| Method | GET |
| Parameter | pass |
| Attack | |
| Evidence | pass |
| Other Info | The URL contains potentially sensitive information. The following string was found via the pattern: pass pass |
| Instances | 1 |
| Solution |
Do not pass sensitive information in URIs.
|
| Reference | |
| CWE Id | 200 |
| WASC Id | 13 |
| Plugin Id | 10024 |
|
Informational |
Information Disclosure - Suspicious Comments |
|---|---|
| Description |
The response appears to contain suspicious comments which may help an attacker. Note: Matches made within script blocks or files are against the entire content not only comments.
|
| URL | http://localhost:8090/bodgeit/advanced.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "<SCRIPT> loadfile('./js/encryption.js'); var key = "62be933b-25b1-40"; function validateForm(form){ ", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/js/util.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "////The following is from:", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/js/util.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "//http://stackoverflow.com/questions/316781/how-to-build-query-string-with-javascript", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/customer/JavaScript/test.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | From |
| Other Info | The following pattern was used: \bFROM\b and was detected 2 times, the first in the element starting with: " document.getElementById('message26').innerHTML="From Date Field must not be blank";", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/customer/JavaScript/test.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: " if(acc1 == "Select Account")", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/customer/JavaScript/test.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | User |
| Other Info | The following pattern was used: \bUSER\b and was detected in the element starting with: " document.getElementById('message23').innerHTML="User-ID must not be blank";", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/Agile_Project/js/jquery.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | db |
| Other Info | The following pattern was used: \bDB\b and was detected 2 times, the first in the element starting with: "!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.docu", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/Agile_Project/js/jquery.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | username |
| Other Info | The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "},cur:function(){var a=Zb.propHooks[this.prop];return a&&a.get?a.get(this):Zb.propHooks._default.get(this)},run:function(a){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/Agile_Project/js/treemenu.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: " * a button from firing. ", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/insurance/v1/header.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script> function calculatePremium(){ //alert("abc"); var value=$("#quotation_vehicle_attributes_value").val(); if(value>1", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/insurance/v1/javascript/jquery-1.10.2.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | bug |
| Other Info | The following pattern was used: \bBUG\b and was detected 10 times, the first in the element starting with: " // We allow this because of a bug in IE8/9 that throws an error", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/insurance/v1/javascript/jquery-1.10.2.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | bugs |
| Other Info | The following pattern was used: \bBUGS\b and was detected 4 times, the first in the element starting with: " // discovered by ChrisS here: http://bugs.jquery.com/ticket/12282#comment:15", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/insurance/v1/javascript/jquery-1.10.2.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected 56 times, the first in the element starting with: " // Logic borrowed from http://json.org/json2.js", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/insurance/v1/javascript/jquery-1.10.2.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | later |
| Other Info | The following pattern was used: \bLATER\b and was detected 9 times, the first in the element starting with: "// Give the init function the jQuery prototype for later instantiation", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/insurance/v1/javascript/jquery-1.10.2.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "//key/values into a query string", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/insurance/v1/javascript/jquery-1.10.2.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 21 times, the first in the element starting with: " // We use this for POS matching in `select`", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/insurance/v1/javascript/jquery-1.10.2.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | user |
| Other Info | The following pattern was used: \bUSER\b and was detected 5 times, the first in the element starting with: " // Can be adjusted by the user", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/insurance/v1/javascript/jquery-1.10.2.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | username |
| Other Info | The following pattern was used: \bUSERNAME\b and was detected 4 times, the first in the element starting with: " username: null,", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/insurance/v1/javascript/jquery-1.10.2.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | where |
| Other Info | The following pattern was used: \bWHERE\b and was detected 9 times, the first in the element starting with: " // Handle the case where IE and Opera return items", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/insurance/v1/javascript/jquery-ui.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | bug |
| Other Info | The following pattern was used: \bBUG\b and was detected 6 times, the first in the element starting with: " // event.target.nodeName works around a bug in IE 8 with", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/insurance/v1/javascript/jquery-ui.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | bugs |
| Other Info | The following pattern was used: \bBUGS\b and was detected 8 times, the first in the element starting with: "// support: jQuery 1.6.1, 1.6.2 (http://bugs.jquery.com/ticket/9413)", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/insurance/v1/javascript/jquery-ui.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected 104 times, the first in the element starting with: "// $.ui might exist from components with no dependencies, e.g., $.ui.position", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/insurance/v1/javascript/jquery-ui.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | later |
| Other Info | The following pattern was used: \bLATER\b and was detected 4 times, the first in the element starting with: " // redefine the widget later", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/insurance/v1/javascript/jquery-ui.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 28 times, the first in the element starting with: " return ( /input|select|textarea|button|object/.test( nodeName ) ?", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/insurance/v1/javascript/jquery-ui.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | TODO |
| Other Info | The following pattern was used: \bTODO\b and was detected 20 times, the first in the element starting with: " // TODO: determine which cases actually cause this to happen", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/insurance/v1/javascript/jquery-ui.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | user |
| Other Info | The following pattern was used: \bUSER\b and was detected 10 times, the first in the element starting with: " //If overflow is hidden, the element might have extra content, but the user wants to hide it", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/insurance/v1/javascript/jquery-ui.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | where |
| Other Info | The following pattern was used: \bWHERE\b and was detected 11 times, the first in the element starting with: " // Ignore z-index if position is set to a value where z-index is ignored by the browser", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/insurance/v1/javascript/jquery.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | db |
| Other Info | The following pattern was used: \bDB\b and was detected 2 times, the first in the element starting with: "!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.docu", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/insurance/v1/javascript/jquery.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | username |
| Other Info | The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "},cur:function(){var a=Zb.propHooks[this.prop];return a&&a.get?a.get(this):Zb.propHooks._default.get(this)},run:function(a){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/insurance/v1/javascript/jquery.timeago.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: " suffixFromNow: "from now",", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/insurance/v1/javascript/scripts.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | later |
| Other Info | The following pattern was used: \bLATER\b and was detected in the element starting with: "$('#savedidentification').html("You have saved this quotation!<br />Your identification number is: "+data+"<br />Please write it", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/insurance/v1/javascript/scripts.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: " $(this).effect("highlight",3000).select();", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/insurance/v1/javascript/scripts.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | user |
| Other Info | The following pattern was used: \bUSER\b and was detected 7 times, the first in the element starting with: " $("#divincidents").append( "<label for='user_incidents_attributes_"+o+"_description'>Description</label><input id='user_inciden", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/insurance/v1/javascript/scripts.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | username |
| Other Info | The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "//xhr.setRequestHeader("Authentication", "username:password in base64")", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/insurance/v1/javascript/scripts.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | where |
| Other Info | The following pattern was used: \bWHERE\b and was detected in the element starting with: "//makes request to connect.php where another request is made to underwriter with all parameters", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/insurance/v1/javascript/treemenu.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: " * a button from firing. ", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/payment-gateway/assets/js/jquery.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | db |
| Other Info | The following pattern was used: \bDB\b and was detected 2 times, the first in the element starting with: "!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.docu", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/payment-gateway/assets/js/jquery.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | username |
| Other Info | The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "},cur:function(){var a=Zb.propHooks[this.prop];return a&&a.get?a.get(this):Zb.propHooks._default.get(this)},run:function(a){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/payment-gateway/assets/js/jquery.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | db |
| Other Info | The following pattern was used: \bDB\b and was detected in the element starting with: "return new Za.prototype.init(a,b,c,d,e)}m.Tween=Za,Za.prototype={constructor:Za,init:function(a,b,c,d,e,f){this.elem=a,this.prop", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/payment-gateway/assets/js/jquery.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.docu", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/payment-gateway/assets/js/treemenu.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: " * a button from firing. ", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/payment-gateway/assets/js/util.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected 3 times, the first in the element starting with: " * Generate an indented list of links from a nav. Meant for use with panel(). ", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/payment-gateway/assets/js/util.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: " $this.find('select') ", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/payment-gateway/assets/js/util.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | User |
| Other Info | The following pattern was used: \bUSER\b and was detected in the element starting with: " * @param {object} userConfig User config. ", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/jquery.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | db |
| Other Info | The following pattern was used: \bDB\b and was detected 2 times, the first in the element starting with: "!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.docu", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/jquery.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | username |
| Other Info | The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "},cur:function(){var a=Zb.propHooks[this.prop];return a&&a.get?a.get(this):Zb.propHooks._default.get(this)},run:function(a){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/test.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | From |
| Other Info | The following pattern was used: \bFROM\b and was detected 2 times, the first in the element starting with: " document.getElementById('message26').innerHTML="From Date Field must not be blank";", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/test.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: " if(acc1 == "Select Account")", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/test.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | User |
| Other Info | The following pattern was used: \bUSER\b and was detected in the element starting with: " document.getElementById('message23').innerHTML="User-ID must not be blank";", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/treemenu.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: " * a button from firing. ", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/seo/js/b40b8f484a50c7147e39e067a6f3d6ef_0.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected in the element starting with: "!function(t){"use strict";t(function(){t.support.transition=function(){var t=function(){var t,e=document.createElement("bootstra", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/seo/js/b40b8f484a50c7147e39e067a6f3d6ef_0.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "(function(b,f){var a=0,e=/^ui-id-\d+$/;b.ui=b.ui||{};if(b.ui.version){return}b.extend(b.ui,{version:"1.9.2",keyCode:{BACKSPACE:8", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/seo/js/jquery.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | username |
| Other Info | The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "!function(e,t){"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.docu", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/telecom/assets/js/jquery.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | db |
| Other Info | The following pattern was used: \bDB\b and was detected 2 times, the first in the element starting with: "!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.docu", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/telecom/assets/js/jquery.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | username |
| Other Info | The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "},cur:function(){var a=Zb.propHooks[this.prop];return a&&a.get?a.get(this):Zb.propHooks._default.get(this)},run:function(a){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/telecom/assets/js/jquery.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | db |
| Other Info | The following pattern was used: \bDB\b and was detected in the element starting with: "return new Za.prototype.init(a,b,c,d,e)}m.Tween=Za,Za.prototype={constructor:Za,init:function(a,b,c,d,e,f){this.elem=a,this.prop", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/telecom/assets/js/jquery.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: "!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.docu", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/telecom/assets/js/test.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | From |
| Other Info | The following pattern was used: \bFROM\b and was detected 2 times, the first in the element starting with: " document.getElementById('message26').innerHTML="From Date Field must not be blank";", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/telecom/assets/js/test.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: " if(acc1 == "Select Account")", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/telecom/assets/js/test.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | User |
| Other Info | The following pattern was used: \bUSER\b and was detected in the element starting with: " document.getElementById('message23').innerHTML="User-ID must not be blank";", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/telecom/assets/js/treemenu.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: " * a button from firing. ", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/telecom/assets/js/util.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected 3 times, the first in the element starting with: " * Generate an indented list of links from a nav. Meant for use with panel(). ", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/telecom/assets/js/util.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: " $this.find('select') ", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/telecom/assets/js/util.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | User |
| Other Info | The following pattern was used: \bUSER\b and was detected in the element starting with: " * @param {object} userConfig User config. ", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/test/accountingjs/jquery-ui.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "this._rearrange(e,s),this._trigger("change",e,this._uiHash());break}return this._contactContainers(e),t.ui.ddmanager&&t.ui.ddman", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/test/accountingjs/jquery-ui.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 5 times, the first in the element starting with: "(function(t,e){function i(e,i){var n,o,a,r=e.nodeName.toLowerCase();return"area"===r?(n=e.parentNode,o=n.name,e.href&&o&&"map"==", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/test/accountingjs/lesson6.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: " // To remove item from other shopping chart do this ", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/test/accountingjs/lesson6.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: " var s="Please select another block"; ", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/test/guru99home/js/jquery.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | db |
| Other Info | The following pattern was used: \bDB\b and was detected 2 times, the first in the element starting with: "}return c}function Q(a){var b;for(b in a)if(("data"!==b||!n.isEmptyObject(a[b]))&&"toJSON"!==b)return!1;return!0}function R(a,b,", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/test/guru99home/js/jquery.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.docu", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/test/image_upload/scripts/jquery.form.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: " var httpData = function( xhr, type, s ) { // mostly lifted from jq1.4.4", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/test/image_upload/scripts/jquery.form.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | later |
| Other Info | The following pattern was used: \bLATER\b and was detected in the element starting with: " * @requires jQuery v1.3.2 or later", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/test/image_upload/scripts/jquery.form.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | query |
| Other Info | The following pattern was used: \bQUERY\b and was detected 2 times, the first in the element starting with: " options.data = q; // data is the query string for 'post'", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/test/image_upload/scripts/jquery.form.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 13 times, the first in the element starting with: " tag == 'select' && el.selectedIndex == -1)) {", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/test/image_upload/scripts/jquery.form.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | user |
| Other Info | The following pattern was used: \bUSER\b and was detected 2 times, the first in the element starting with: " // options.iframe allows user to force iframe mode", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/test/image_upload/scripts/jquery.form.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | username |
| Other Info | The following pattern was used: \bUSERNAME\b and was detected in the element starting with: " * [ { name: 'username', value: 'jresig' }, { name: 'password', value: 'secret' } ]", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/test/image_upload/scripts/jquery.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | username |
| Other Info | The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "(function(a,b){function cw(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function ct(a){if(!ch[a]){v", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/test/js/jquery.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | db |
| Other Info | The following pattern was used: \bDB\b and was detected 2 times, the first in the element starting with: "!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.docu", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/test/js/jquery.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | username |
| Other Info | The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "},cur:function(){var a=Zb.propHooks[this.prop];return a&&a.get?a.get(this):Zb.propHooks._default.get(this)},run:function(a){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/test/js/jquery.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | db |
| Other Info | The following pattern was used: \bDB\b and was detected 2 times, the first in the element starting with: "}return c}function Q(a){var b;for(b in a)if(("data"!==b||!n.isEmptyObject(a[b]))&&"toJSON"!==b)return!1;return!0}function R(a,b,", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/test/js/jquery.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.docu", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/test/js/jquery.tools.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: "(function(a,b){function c(a){return K.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function d(a){if(!cl[a]){var", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/test/js/jquery.tools.min.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | username |
| Other Info | The following pattern was used: \bUSERNAME\b and was detected in the element starting with: ";if((!K.support.noCloneEvent||!K.support.noCloneChecked)&&(a.nodeType===1||a.nodeType===11)&&!K.isXMLDoc(a)){u(a,d),e=t(a),f=t(d", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/test/js/treemenu.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: " * a button from firing. ", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected 2 times, the first in the element starting with: "<script type='text/javascript'> /* <![CDATA[ */ var CrayonSyntaxSettings = {"version":"2.7.1","is_admin":"0","ajaxurl":"http:\", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/test/upload/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | username |
| Other Info | The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "<script language="JavaScript"> <!-- var NoFileSelected='You must select a file to upload!'; var SenderRequired='You need enter y", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/V1/JavaScript/jquery.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | db |
| Other Info | The following pattern was used: \bDB\b and was detected 2 times, the first in the element starting with: "!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.docu", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/V1/JavaScript/jquery.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | username |
| Other Info | The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "},cur:function(){var a=Zb.propHooks[this.prop];return a&&a.get?a.get(this):Zb.propHooks._default.get(this)},run:function(a){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/V1/JavaScript/test.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | User |
| Other Info | The following pattern was used: \bUSER\b and was detected in the element starting with: " document.getElementById('message23').innerHTML="User-ID must not be blank";", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/V1/JavaScript/treemenu.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: " * a button from firing. ", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/V4/JavaScript/jquery.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | db |
| Other Info | The following pattern was used: \bDB\b and was detected 2 times, the first in the element starting with: "!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.docu", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/V4/JavaScript/jquery.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | username |
| Other Info | The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "},cur:function(){var a=Zb.propHooks[this.prop];return a&&a.get?a.get(this):Zb.propHooks._default.get(this)},run:function(a){var ", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/V4/JavaScript/treemenu.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: " * a button from firing. ", see evidence field for the suspicious comment/snippet. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/postMessage/complexMessageDocumentWriteEval |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | debug |
| Other Info | The following pattern was used: \bDEBUG\b and was detected in the element starting with: "<script> const postMessageHandler = function(msg) { let action = msg.data.action; if(action === 'exec') { eval(msg", see evidence field for the suspicious comment/snippet. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithoutXFO |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from th", see evidence field for the suspicious comment/snippet. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithoutXFO/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from th", see evidence field for the suspicious comment/snippet. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithXFO |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from th", see evidence field for the suspicious comment/snippet. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithXFO/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from th", see evidence field for the suspicious comment/snippet. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithoutXFO |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from th", see evidence field for the suspicious comment/snippet. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithoutXFO/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from th", see evidence field for the suspicious comment/snippet. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithXFO |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from th", see evidence field for the suspicious comment/snippet. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithXFO/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from th", see evidence field for the suspicious comment/snippet. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/InCallback |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from th", see evidence field for the suspicious comment/snippet. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/InCallback/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from th", see evidence field for the suspicious comment/snippet. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/OtherParameter |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from th", see evidence field for the suspicious comment/snippet. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/OtherParameter/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from th", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/insurance/v1/header.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | select |
| Other Info | The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script> function calculatePremium(){ //alert("abc"); var value=$("#quotation_vehicle_attributes_value").val(); if(value>1", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/about.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/admin.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/advanced.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/contact.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/home.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=10 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=11 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=12 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=14 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=15 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=16 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=18 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=20 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=21 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=22 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=23 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=24 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=25 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=26 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=27 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=28 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=29 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=30 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=31 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=32 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=9 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/register.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/score.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/search.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/search.jsp?q=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | User |
| Other Info | The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- Display User ID label and its text box-->", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/access.php?%20email=ZAP&%20pass=seqerer%20&uid=mngr564973%20 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | User |
| Other Info | The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- Display User ID label and its text box-->", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | User |
| Other Info | The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- Display User ID label and its text box-->", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/index.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | User |
| Other Info | The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- Display User ID label and its text box-->", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/Security/SEC_V1/index.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | User |
| Other Info | The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- Display User ID label and its text box-->", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/test/guru99home/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | FROM |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<!-- FILE ARCHIVED ON 1:21:14 May 19, 2014 AND RETRIEVED FROM THE INTERNET ARCHIVE ON 5:45:56 Feb 21, 2017. JA", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/test/guru99home/scrolling.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | FROM |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<!-- FILE ARCHIVED ON 1:21:14 May 19, 2014 AND RETRIEVED FROM THE INTERNET ARCHIVE ON 5:45:56 Feb 21, 2017. JAVAS", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/test/yahoo.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | from |
| Other Info | The following pattern was used: \bFROM\b and was detected in the element starting with: "<!-- Never leave a conversation. Stay signed in while you go from computer to tablet to phone, and continue your conversation wh", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/V1/index.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | User |
| Other Info | The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- Display User ID label and its text box-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/contact.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | http://localhost:8090/bodgeit/register.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | admin |
| Other Info | The following pattern was used: \bADMIN\b and was detected in the element starting with: "<!-- td align="center" width="16%"><a href="admin.jsp">Admin</a></td-->", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/index.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | User |
| Other Info | The following pattern was used: \bUSER\b and was detected 2 times, the first in the element starting with: "<!-- Display User ID label and its text box-->", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/index.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | User |
| Other Info | The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- Display User ID label and its text box-->", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/Security/SEC_V1/index.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | User |
| Other Info | The following pattern was used: \bUSER\b and was detected 2 times, the first in the element starting with: "<!-- Display User ID label and its text box-->", see evidence field for the suspicious comment/snippet. |
| URL | https://demo.guru99.com/V1/index.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | User |
| Other Info | The following pattern was used: \bUSER\b and was detected 2 times, the first in the element starting with: "<!-- Display User ID label and its text box-->", see evidence field for the suspicious comment/snippet. |
| Instances | 175 |
| Solution |
Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.
|
| Reference | |
| CWE Id | 200 |
| WASC Id | 13 |
| Plugin Id | 10027 |
|
Informational |
Loosely Scoped Cookie |
|---|---|
| Description |
Cookies can be scoped by domain or path. This check is only concerned with domain scope.The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.
|
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost b_id=3 |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost JSESSIONID=0448AB0ED6C91159919BE73F6345C0E6 |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost JSESSIONID=18A2EBFF4936320AD1EEEB3341EA01D4 |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost JSESSIONID=33A3FE8B6A527DFCE7620B20529C12FA |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost JSESSIONID=349AB47B1061CA62238BE6A6BCDAFAD3 |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost JSESSIONID=407DA006AECE494123A04506F2A9ECF5 |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost JSESSIONID=4FCFE06C13D66C24B15F864A11B997DD |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost JSESSIONID=5A33F137A0FD627F4A5B3D11D1B919F3 |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost JSESSIONID=5CBD62F159DD658A5E184BC3BD37AECC |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost JSESSIONID=8734D1E46777342DC2EE83B007CD8EE2 |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost JSESSIONID=89B02A2B79F75F1410E0DB98BC30C6D1 |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost JSESSIONID=8B82FF2CC59E8AB6C9F17F559D8F5ED4 |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost JSESSIONID=915845EFFA5D761964C6AD07A128B10B |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost JSESSIONID=941168C38845F38E8040154C137DB877 |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost JSESSIONID=9A10441F243BECEE482B21769735A095 |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost JSESSIONID=A22DB34A8772A4D608E34159C47C453C |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost JSESSIONID=A4E25C37053DD56A9040B2A164B79553 |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost JSESSIONID=B584B16C385F31F10E354FCCE4800152 |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost JSESSIONID=CACF37E8136A2983FB6567152E055AF2 |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost JSESSIONID=F4CDC10F5A22EEDA573DFDC5FA5A7015 |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost JSESSIONID=FE69E7782CB979AA91DE758AEE96CED9 |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost JSESSIONID=7500A83A3DB4C96BB1DE351A7091E5D0 |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost JSESSIONID=A329FA556790B84292975A3CA0E173AB |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost b_id=14 |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost b_id=17 |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost b_id=19 |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost b_id=23 |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost b_id=24 |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost b_id=26 |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost b_id=27 |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost b_id=31 |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost b_id=33 |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost b_id=35 |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost b_id=37 |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost b_id=42 |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost b_id=55 |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost b_id=56 |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost b_id=58 |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost b_id=66 |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Other Info | The origin domain used for comparison was: localhost b_id=67 |
| Instances | 40 |
| Solution |
Always scope cookies to a FQDN (Fully Qualified Domain Name).
|
| Reference |
https://tools.ietf.org/html/rfc6265#section-4.1
https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html https://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies |
| CWE Id | 565 |
| WASC Id | 15 |
| Plugin Id | 90033 |
|
Informational |
Modern Web Application |
|---|---|
| Description |
The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.
|
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=10 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=11 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=12 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=13 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=14 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=15 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=16 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=17 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=18 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=2 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=20 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=21 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=22 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=23 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=24 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=25 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=26 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=27 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=28 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=29 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=3 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=30 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=31 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=32 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=4 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=6 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=7 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=8 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=9 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity();"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/access.php?%20email=ZAP&%20pass=seqerer%20&uid=mngr564973%20 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/index.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/insurance/v1/header.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/insurance/v1/index.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/insurance/v1/register.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/payment-gateway/cardnumber.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/payment-gateway/check_credit_balance.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=334721 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=574612 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=646509 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/payment-gateway/index.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/payment-gateway/process_purchasetoy.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/payment-gateway/purchasetoy.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/Security/SEC_V1/index.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/seo/page-1.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown" style="font-size: 14px;margin-left: 150px;">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/seo/page-2.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown" style="font-size: 14px;margin-left: 150px;">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/seo/page-3.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown" style="font-size: 14px;margin-left: 150px;">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/seo/page-4.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown" style="font-size: 14px;margin-left: 150px;">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/seo/page-5.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown" style="font-size: 14px;margin-left: 150px;">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/seo/page-6.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown" style="font-size: 14px;margin-left: 150px;">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/telecom/access.php?uid=063675 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/telecom/access.php?uid=069466 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/telecom/access.php?uid=936997 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/telecom/addcustomer.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/telecom/addtariffplans.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/telecom/assigntariffplantocustomer.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/telecom/billing.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/ajax.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/ajax.html?name=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/autoit.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown" style="text-shadow:none;margin-left: 200px;">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/birthdate.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/cookie/selenium_aut.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="../js/jquery.js"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/delete_customer.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/drag_drop.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown" style="margin-left:200px;">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/flash-testing.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/guru99home/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown" style="font-size: 14px;margin-left: 200px;">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/guru99home/scrolling.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown" style="text-shadow:none;font-size: 14px;margin-left: 200px;">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/image_upload/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/login.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown" style="font-size: 14px;color:#FFF;font-weight:700">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/newtours/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/newtours/index.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/newtours/login.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/newtours/register.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/newtours/reservation.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/newtours/reservation2.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/newtours/support.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/radio.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown" style="margin-top: -50px !important;margin-left: 100px;text-decoration: none;">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/table.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/tooltip.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a id="download_now">Download now</a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/upload/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a name="up"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/yahoo.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a name="skip-nav" id="skip-nav"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/V1/index.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/address/baseURI/documentwrite |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = document.baseURI; document.write(payload); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/address/documentURI/documentwrite |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = document.documentURI; document.write(payload); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/address/location.hash/assign |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = window.location.hash.substr(1);window.location.assign(payload); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/address/location.hash/documentwrite |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = window.location.hash.substr(1);document.write(payload); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/address/location.hash/documentwriteln |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = window.location.hash.substr(1);document.writeln(payload); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/address/location.hash/eval |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = window.location.hash.substr(1);eval(payload); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/address/location.hash/formaction |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = window.location.hash.substr(1);var form = document.createElement('form'); form.setAttribute('action', payload); form.innerHTML = '<input type=\'submit\'></input>'; document.documentElement.appendChild(form); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/address/location.hash/function |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = window.location.hash.substr(1);var f = new Function(payload); f(); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/address/location.hash/inlineevent |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = window.location.hash.substr(1);var div = document.createElement('div'); div.innerHTML = '<div onclick=\'' + payload.replace(/'/g, '"') + '\'>div</div>'; document.documentElement.appendChild(div); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/address/location.hash/innerHtml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = window.location.hash.substr(1);var div = document.createElement('div'); div.id = 'divEl'; document.documentElement.appendChild(div); var divEl = document.getElementById('divEl'); divEl.innerHTML = payload; </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/address/location.hash/jshref |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = window.location.hash.substr(1);var a = document.createElement('a'); a.setAttribute('href', payload); document.documentElement.appendChild(a); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/address/location.hash/onclickAddEventListener |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = window.location.hash.substr(1);var div = document.createElement('div'); div.addEventListener('click', new Function(payload), false); document.documentElement.appendChild(div); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/address/location.hash/onclickSetAttribute |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = window.location.hash.substr(1);var div = document.createElement('div'); div.setAttribute('onclick', payload); document.documentElement.appendChild(div); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/address/location.hash/rangeCreateContextualFragment |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = window.location.hash.substr(1);var div = document.createElement('div'); div.id = 'divEl'; document.documentElement.appendChild(div); var range = document.createRange(); // make the parent of the first div in the document becomes the context node range.selectNode(document.getElementsByTagName("div").item(0)); var documentFragment = range.createContextualFragment(payload); document.body.appendChild(documentFragment); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/address/location.hash/replace |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = window.location.hash.substr(1);location.replace(payload); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/address/location.hash/setTimeout |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = window.location.hash.substr(1);setTimeout('var a=a;' + payload, 1); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/address/location/assign |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = window.location; window.location.assign(payload); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/address/location/documentwrite |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = window.location; document.write(payload); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/address/location/documentwriteln |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = window.location; document.writeln(payload); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/address/location/eval |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = window.location; eval(payload); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/address/location/innerHtml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = window.location; var div = document.createElement('div'); div.id = 'divEl'; document.documentElement.appendChild(div); var divEl = document.getElementById('divEl'); divEl.innerHTML = payload; </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/address/location/rangeCreateContextualFragment |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = window.location; var div = document.createElement('div'); div.id = 'divEl'; document.documentElement.appendChild(div); var range = document.createRange(); // make the parent of the first div in the document becomes the context node range.selectNode(document.getElementsByTagName("div").item(0)); var documentFragment = range.createContextualFragment(payload); document.body.appendChild(documentFragment); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/address/location/replace |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = window.location; location.replace(payload); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/address/location/setTimeout |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = window.location; setTimeout('var a=a;' + payload, 1); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/address/locationhref/documentwrite |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = window.location.href; document.write(payload); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/address/locationpathname/documentwrite |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = window.location.pathname; document.write(payload); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/address/locationsearch/documentwrite |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = window.location.search.substr(1); document.write(payload); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/address/URL/documentwrite |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = document.URL; document.write(payload); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/address/URLUnencoded/documentwrite |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = document.URLUnencoded; document.write(payload); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/angular/angular_body/1.1.5?q=test |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.1.5/angular.js"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/angular/angular_body/1.2.0?q=test |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.2.0/angular.js"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/angular/angular_body/1.2.18?q=test |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.2.18/angular.js"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/angular/angular_body/1.2.19?q=test |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.2.19/angular.js"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/angular/angular_body/1.2.24?q=test |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.2.24/angular.js"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/angular/angular_body/1.4.0?q=test |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/angular/angular_body/1.6.0?q=test |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/angular/angular_body_alt_symbols/1.4.0?q=test |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/angular/angular_body_alt_symbols_raw/1.6.0?q=test |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/angular/angular_body_attribute_ng/1.4.0?q=test |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/angular/angular_body_attribute_non_ng/1.4.0?q=test |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/angular/angular_body_attribute_non_ng_raw/1.4.0?q=test |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/angular/angular_body_raw/1.4.0?q=test |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/angular/angular_body_raw_escaped/1.4.0?q=test |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/angular/angular_body_raw_escaped_alt_symbols/1.4.0?q=test |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.4.0/angular.js"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/angular/angular_body_raw_post/1.6.0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/angular/angular_cookie_parse/1.6.0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/angular/angular_form_parse/1.6.0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/angular/angular_post_message_parse/1.6.0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/angular/angular_storage_parse/1.6.0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/cors/alloworigin/allowInsecureScheme |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var xhr = new XMLHttpRequest(); xhr.open('POST', location.href, true); xhr.send(); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/cors/alloworigin/allowNullOrigin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var xhr = new XMLHttpRequest(); xhr.open('POST', location.href, true); xhr.send(); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/cors/alloworigin/allowOriginEndsWith |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var xhr = new XMLHttpRequest(); xhr.open('POST', location.href, true); xhr.send(); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/cors/alloworigin/allowOriginProtocolDowngrade |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var xhr = new XMLHttpRequest(); xhr.open('POST', location.href, true); xhr.send(); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/cors/alloworigin/allowOriginRegexDot |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var xhr = new XMLHttpRequest(); xhr.open('POST', location.href, true); xhr.send(); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/cors/alloworigin/allowOriginStartsWith |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var xhr = new XMLHttpRequest(); xhr.open('POST', location.href, true); xhr.send(); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/cors/alloworigin/dynamicAllowOrigin |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var xhr = new XMLHttpRequest(); xhr.open('POST', location.href, true); xhr.send(); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/dompropagation |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> // Writing to DOM attribute document.title and // reading back propagates the XSS payload. var payload = location.hash.substr(1); window.status = payload; var retrieved_payload = window.status; eval(retrieved_payload); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/dompropagation/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> // Writing to DOM attribute document.title and // reading back propagates the XSS payload. var payload = location.hash.substr(1); window.status = payload; var retrieved_payload = window.status; eval(retrieved_payload); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/eventtriggering/document/formSubmission/documentWrite |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> function deferredPayload() { // Sync trigger. document.write(payload); // Async trigger. function trigger(payload) { document.write(payload); } }var form = document.createElement('form'); var input = document.createElement('input'); input.setAttribute('id', 'userInput'); var submit = document.createElement('input'); submit.setAttribute('type', 'submit'); form.setAttribute('action', '#'); form.appendChild(input); form.appendChild(submit); var payload = ''; form.onsubmit = function() { payload = document.getElementById('userInput').value; deferredPayload(); return false; }; document.body.appendChild(form);// Sync trigger. document.write(payload); // Async trigger. function trigger(payload) { document.write(payload); } </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/eventtriggering/document/formSubmission/eval |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> function deferredPayload() { // Sync trigger. eval(payload); // Async trigger. function trigger(payload) { eval(payload); }; }var form = document.createElement('form'); var input = document.createElement('input'); input.setAttribute('id', 'userInput'); var submit = document.createElement('input'); submit.setAttribute('type', 'submit'); form.setAttribute('action', '#'); form.appendChild(input); form.appendChild(submit); var payload = ''; form.onsubmit = function() { payload = document.getElementById('userInput').value; deferredPayload(); return false; }; document.body.appendChild(form);// Sync trigger. eval(payload); // Async trigger. function trigger(payload) { eval(payload); }; </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/eventtriggering/document/formSubmission/innerHtml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> function deferredPayload() { var div = document.createElement('div'); document.documentElement.appendChild(div); // Sync trigger. div.innerHTML = payload; // Async trigger. function trigger(payload) { div.innerHTML = payload; }; }var form = document.createElement('form'); var input = document.createElement('input'); input.setAttribute('id', 'userInput'); var submit = document.createElement('input'); submit.setAttribute('type', 'submit'); form.setAttribute('action', '#'); form.appendChild(input); form.appendChild(submit); var payload = ''; form.onsubmit = function() { payload = document.getElementById('userInput').value; deferredPayload(); return false; }; document.body.appendChild(form);var div = document.createElement('div'); document.documentElement.appendChild(div); // Sync trigger. div.innerHTML = payload; // Async trigger. function trigger(payload) { div.innerHTML = payload; }; </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/eventtriggering/document/inputTyping/documentWrite |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> function deferredPayload() { // Sync trigger. document.write(payload); // Async trigger. function trigger(payload) { document.write(payload); } }// Trigger XSS by waiting for typing events / watch for change on an input field. var input = document.createElement('input'); input.setAttribute('type', 'text'); var payload = ''; function xssIt(e) { payload = e.target.value; deferredPayload(); } input.addEventListener('keyup', xssIt); input.addEventListener('change', xssIt); document.body.appendChild(input);// Sync trigger. document.write(payload); // Async trigger. function trigger(payload) { document.write(payload); } </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/eventtriggering/document/inputTyping/eval |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> function deferredPayload() { // Sync trigger. eval(payload); // Async trigger. function trigger(payload) { eval(payload); }; }// Trigger XSS by waiting for typing events / watch for change on an input field. var input = document.createElement('input'); input.setAttribute('type', 'text'); var payload = ''; function xssIt(e) { payload = e.target.value; deferredPayload(); } input.addEventListener('keyup', xssIt); input.addEventListener('change', xssIt); document.body.appendChild(input);// Sync trigger. eval(payload); // Async trigger. function trigger(payload) { eval(payload); }; </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/eventtriggering/document/inputTyping/innerHtml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> function deferredPayload() { var div = document.createElement('div'); document.documentElement.appendChild(div); // Sync trigger. div.innerHTML = payload; // Async trigger. function trigger(payload) { div.innerHTML = payload; }; }// Trigger XSS by waiting for typing events / watch for change on an input field. var input = document.createElement('input'); input.setAttribute('type', 'text'); var payload = ''; function xssIt(e) { payload = e.target.value; deferredPayload(); } input.addEventListener('keyup', xssIt); input.addEventListener('change', xssIt); document.body.appendChild(input);var div = document.createElement('div'); document.documentElement.appendChild(div); // Sync trigger. div.innerHTML = payload; // Async trigger. function trigger(payload) { div.innerHTML = payload; }; </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/document/cookie |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> /* * Return the value of the first cookie with the given name. */ var lookupCookie = function(name) { var parts = document.cookie.split(/\s*;\s*/); var nameEq = name + '='; for (var i = 0; i < parts.length; i++) { if (parts[i].indexOf(nameEq) == 0) { return parts[i].substr(nameEq.length); } } }; var payload = lookupCookie('ThisCookieIsTotallyRandomAndCantPossiblyBeSet'); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/document/cookie/eval |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> /* * Return the value of the first cookie with the given name. */ var lookupCookie = function(name) { var parts = document.cookie.split(/\s*;\s*/); var nameEq = name + '='; for (var i = 0; i < parts.length; i++) { if (parts[i].indexOf(nameEq) == 0) { return parts[i].substr(nameEq.length); } } }; var payload = lookupCookie('ThisCookieIsTotallyRandomAndCantPossiblyBeSet'); // Sync trigger. eval(payload); // Async trigger. function trigger(payload) { eval(payload); }; </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> /* * Return the value of the first cookie with the given name. */ function lookupCookie(name) { var parts = document.cookie.split(/\s*;\s*/); var nameEq = name + '='; for (var i = 0; i < parts.length; i++) { if (parts[i].indexOf(nameEq) == 0) { return parts[i].substr(nameEq.length); } } } // Pre-seed the cookie, if it has not been set yet. if (!lookupCookie('badValue')) { document.cookie = 'badValue="a"'; } var payload = lookupCookie('badValue'); setTimeout(function() { trigger(lookupCookie('badValue')); }, 10); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set/documentWrite |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> /* * Return the value of the first cookie with the given name. */ function lookupCookie(name) { var parts = document.cookie.split(/\s*;\s*/); var nameEq = name + '='; for (var i = 0; i < parts.length; i++) { if (parts[i].indexOf(nameEq) == 0) { return parts[i].substr(nameEq.length); } } } // Pre-seed the cookie, if it has not been set yet. if (!lookupCookie('badValue')) { document.cookie = 'badValue="a"'; } var payload = lookupCookie('badValue'); setTimeout(function() { trigger(lookupCookie('badValue')); }, 10); // Sync trigger. document.write(payload); // Async trigger. function trigger(payload) { document.write(payload); } </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set/eval |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> /* * Return the value of the first cookie with the given name. */ function lookupCookie(name) { var parts = document.cookie.split(/\s*;\s*/); var nameEq = name + '='; for (var i = 0; i < parts.length; i++) { if (parts[i].indexOf(nameEq) == 0) { return parts[i].substr(nameEq.length); } } } // Pre-seed the cookie, if it has not been set yet. if (!lookupCookie('badValue')) { document.cookie = 'badValue="a"'; } var payload = lookupCookie('badValue'); setTimeout(function() { trigger(lookupCookie('badValue')); }, 10); // Sync trigger. eval(payload); // Async trigger. function trigger(payload) { eval(payload); }; </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set/innerHtml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> /* * Return the value of the first cookie with the given name. */ function lookupCookie(name) { var parts = document.cookie.split(/\s*;\s*/); var nameEq = name + '='; for (var i = 0; i < parts.length; i++) { if (parts[i].indexOf(nameEq) == 0) { return parts[i].substr(nameEq.length); } } } // Pre-seed the cookie, if it has not been set yet. if (!lookupCookie('badValue')) { document.cookie = 'badValue="a"'; } var payload = lookupCookie('badValue'); setTimeout(function() { trigger(lookupCookie('badValue')); }, 10); var div = document.createElement('div'); document.documentElement.appendChild(div); // Sync trigger. div.innerHTML = payload; // Async trigger. function trigger(payload) { div.innerHTML = payload; }; </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/document/referrer |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> if (document.referrer == "") { // If the referrer is not set, we set the referrer by reloading the page. location.href = location.href; } else { // Modern browsers escape the referrer. We unescape it to make it dangerous. var payload = unescape(document.referrer); setTimeout(function() { trigger(document.referrer); }, 10); } </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/document/referrer/documentWrite |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> if (document.referrer == "") { // If the referrer is not set, we set the referrer by reloading the page. location.href = location.href; } else { // Modern browsers escape the referrer. We unescape it to make it dangerous. var payload = unescape(document.referrer); setTimeout(function() { trigger(document.referrer); }, 10); } // Sync trigger. document.write(payload); // Async trigger. function trigger(payload) { document.write(payload); } </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/document/referrer/eval |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> if (document.referrer == "") { // If the referrer is not set, we set the referrer by reloading the page. location.href = location.href; } else { // Modern browsers escape the referrer. We unescape it to make it dangerous. var payload = unescape(document.referrer); setTimeout(function() { trigger(document.referrer); }, 10); } // Sync trigger. eval(payload); // Async trigger. function trigger(payload) { eval(payload); }; </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/document/referrer/innerHtml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> if (document.referrer == "") { // If the referrer is not set, we set the referrer by reloading the page. location.href = location.href; } else { // Modern browsers escape the referrer. We unescape it to make it dangerous. var payload = unescape(document.referrer); setTimeout(function() { trigger(document.referrer); }, 10); } var div = document.createElement('div'); document.documentElement.appendChild(div); // Sync trigger. div.innerHTML = payload; // Async trigger. function trigger(payload) { div.innerHTML = payload; }; </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/array/eval |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="/dom/toxicdomscripts/localStorage/array/eval"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/function/documentWrite |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="/dom/toxicdomscripts/localStorage/function/documentWrite"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/function/eval |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="/dom/toxicdomscripts/localStorage/function/eval"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/function/innerHtml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="/dom/toxicdomscripts/localStorage/function/innerHtml"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/localStorage/property/documentWrite |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="/dom/toxicdomscripts/localStorage/property/documentWrite"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/array/eval |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="/dom/toxicdomscripts/sessionStorage/array/eval"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/function/documentWrite |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="/dom/toxicdomscripts/sessionStorage/function/documentWrite"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/function/eval |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="/dom/toxicdomscripts/sessionStorage/function/eval"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/function/innerHtml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="/dom/toxicdomscripts/sessionStorage/function/innerHtml"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/external/sessionStorage/property/documentWrite |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="/dom/toxicdomscripts/sessionStorage/property/documentWrite"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/localStorage/array |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> if (!localStorage['badValue']) { localStorage['badValue'] = Math.random(); } var payload = localStorage['badValue']; setTimeout(function() { trigger(localStorage['badValue']); // Using the async trigger. // Clean up the localStorage to avoid causing side-effect on subsequent tests. localStorage.clear(); }, 10); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/localStorage/array/eval |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> if (!localStorage['badValue']) { localStorage['badValue'] = Math.random(); } var payload = localStorage['badValue']; setTimeout(function() { trigger(localStorage['badValue']); // Using the async trigger. // Clean up the localStorage to avoid causing side-effect on subsequent tests. localStorage.clear(); }, 10); // Sync trigger. eval(payload); // Async trigger. function trigger(payload) { eval(payload); }; </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> if (!localStorage.getItem('badValue')) { localStorage.setItem('badValue', Math.random()); } var payload = localStorage.getItem('badValue'); // Using sync trigger. setTimeout(function() { trigger(localStorage.getItem('badValue')); // Using the async trigger. // Clean up the localStorage to avoid causing side-effect on subsequent tests. localStorage.clear(); }, 10); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function/documentWrite |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> if (!localStorage.getItem('badValue')) { localStorage.setItem('badValue', Math.random()); } var payload = localStorage.getItem('badValue'); // Using sync trigger. setTimeout(function() { trigger(localStorage.getItem('badValue')); // Using the async trigger. // Clean up the localStorage to avoid causing side-effect on subsequent tests. localStorage.clear(); }, 10); // Sync trigger. document.write(payload); // Async trigger. function trigger(payload) { document.write(payload); } </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function/eval |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> if (!localStorage.getItem('badValue')) { localStorage.setItem('badValue', Math.random()); } var payload = localStorage.getItem('badValue'); // Using sync trigger. setTimeout(function() { trigger(localStorage.getItem('badValue')); // Using the async trigger. // Clean up the localStorage to avoid causing side-effect on subsequent tests. localStorage.clear(); }, 10); // Sync trigger. eval(payload); // Async trigger. function trigger(payload) { eval(payload); }; </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function/innerHtml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> if (!localStorage.getItem('badValue')) { localStorage.setItem('badValue', Math.random()); } var payload = localStorage.getItem('badValue'); // Using sync trigger. setTimeout(function() { trigger(localStorage.getItem('badValue')); // Using the async trigger. // Clean up the localStorage to avoid causing side-effect on subsequent tests. localStorage.clear(); }, 10); var div = document.createElement('div'); document.documentElement.appendChild(div); // Sync trigger. div.innerHTML = payload; // Async trigger. function trigger(payload) { div.innerHTML = payload; }; </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/localStorage/property |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> if (!localStorage.badValue) { localStorage.badValue = Math.random(); } var payload = localStorage.badValue; setTimeout(function() { trigger(localStorage.badValue); // Using the async trigger. // Clean up the localStorage to avoid causing side-effect on subsequent tests. localStorage.clear(); }, 10); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/localStorage/property/documentWrite |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> if (!localStorage.badValue) { localStorage.badValue = Math.random(); } var payload = localStorage.badValue; setTimeout(function() { trigger(localStorage.badValue); // Using the async trigger. // Clean up the localStorage to avoid causing side-effect on subsequent tests. localStorage.clear(); }, 10); // Sync trigger. document.write(payload); // Async trigger. function trigger(payload) { document.write(payload); } </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/postMessage/complexMessageDocumentWriteEval |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> const postMessageHandler = function(msg) { let action = msg.data.action; if(action === 'exec') { eval(msg.data.payload); } else if (action === 'addImage') { document.write('<img href='+ msg.data.source + '>'); } else if (action === 'addHtml') { document.write(msg.data.html); } else { console.debug('unsupported command'); } }; window.addEventListener('message', postMessageHandler, false); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/postMessage/documentWrite |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var postMessageHandler = function(msg) { var content = JSON.parse(msg.data); document.write('<scr' + 'ipt src="' + content.url +'"></scr' + 'ipt>'); }; window.addEventListener('message', postMessageHandler, false); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/postMessage/eval |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var postMessageHandler = function(msg) { var content = msg.data; var msgObj = eval(content); if (msgObj.isActive) { document.write("PostMessage arrived!"); } } window.addEventListener('message', postMessageHandler, false); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/postMessage/improperOriginValidationWithPartialStringComparison |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var postMessageHandler = function(msg) { if (msg.origin.includes('www.google.com')) { eval(msg.data); } } window.addEventListener('message', postMessageHandler, false); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/postMessage/improperOriginValidationWithRegExp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var postMessageHandler = function(msg) { const originRegExp = /https?:\/\/www.google.com/ if (msg.origin.match(originRegExp)) { eval(msg.data); } } window.addEventListener('message', postMessageHandler, false); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/postMessage/innerHtml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var postMessageHandler = function(msg) { var content = JSON.parse(msg.data); var div = document.createElement('div'); div.innerHTML = content.html; document.documentElement.appendChild(div); }; window.addEventListener('message', postMessageHandler, false); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/array |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> if (!sessionStorage['badValue']) { sessionStorage['badValue'] = Math.random(); } var payload = sessionStorage['badValue']; setTimeout(function() { trigger(sessionStorage['badValue']); // Using the async trigger. // Clean up the localStorage to avoid causing side-effect on subsequent tests. sessionStorage.clear(); }, 10); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/array/eval |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> if (!sessionStorage['badValue']) { sessionStorage['badValue'] = Math.random(); } var payload = sessionStorage['badValue']; setTimeout(function() { trigger(sessionStorage['badValue']); // Using the async trigger. // Clean up the localStorage to avoid causing side-effect on subsequent tests. sessionStorage.clear(); }, 10); // Sync trigger. eval(payload); // Async trigger. function trigger(payload) { eval(payload); }; </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> if (!sessionStorage.getItem('badValue')) { sessionStorage.setItem('badValue', Math.random()); } var payload = sessionStorage.getItem('badValue'); // Using sync trigger. setTimeout(function() { trigger(sessionStorage.getItem('badValue')); // Clean up the sessionStorage to avoid side-effects on subsequent tests. sessionStorage.clear(); }, 10); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function/documentWrite |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> if (!sessionStorage.getItem('badValue')) { sessionStorage.setItem('badValue', Math.random()); } var payload = sessionStorage.getItem('badValue'); // Using sync trigger. setTimeout(function() { trigger(sessionStorage.getItem('badValue')); // Clean up the sessionStorage to avoid side-effects on subsequent tests. sessionStorage.clear(); }, 10); // Sync trigger. document.write(payload); // Async trigger. function trigger(payload) { document.write(payload); } </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function/eval |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> if (!sessionStorage.getItem('badValue')) { sessionStorage.setItem('badValue', Math.random()); } var payload = sessionStorage.getItem('badValue'); // Using sync trigger. setTimeout(function() { trigger(sessionStorage.getItem('badValue')); // Clean up the sessionStorage to avoid side-effects on subsequent tests. sessionStorage.clear(); }, 10); // Sync trigger. eval(payload); // Async trigger. function trigger(payload) { eval(payload); }; </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/function/innerHtml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> if (!sessionStorage.getItem('badValue')) { sessionStorage.setItem('badValue', Math.random()); } var payload = sessionStorage.getItem('badValue'); // Using sync trigger. setTimeout(function() { trigger(sessionStorage.getItem('badValue')); // Clean up the sessionStorage to avoid side-effects on subsequent tests. sessionStorage.clear(); }, 10); var div = document.createElement('div'); document.documentElement.appendChild(div); // Sync trigger. div.innerHTML = payload; // Async trigger. function trigger(payload) { div.innerHTML = payload; }; </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/property |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> if (!sessionStorage.badValue) { sessionStorage.badValue = Math.random(); } var payload = sessionStorage.badValue; setTimeout(function() { trigger(sessionStorage.badValue); // Using the async trigger. // Clean up the sessionStorage to avoid side-effects on subsequent tests. sessionStorage.clear(); }, 10) </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/sessionStorage/property/documentWrite |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> if (!sessionStorage.badValue) { sessionStorage.badValue = Math.random(); } var payload = sessionStorage.badValue; setTimeout(function() { trigger(sessionStorage.badValue); // Using the async trigger. // Clean up the sessionStorage to avoid side-effects on subsequent tests. sessionStorage.clear(); }, 10) // Sync trigger. document.write(payload); // Async trigger. function trigger(payload) { document.write(payload); } </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/window/name |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> if (window.name == "") { window.name = "badvalue='a'"; } var payload = window.name; setTimeout(function() { trigger(window.name); }, 10); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/window/name/documentWrite |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> if (window.name == "") { window.name = "badvalue='a'"; } var payload = window.name; setTimeout(function() { trigger(window.name); }, 10); // Sync trigger. document.write(payload); // Async trigger. function trigger(payload) { document.write(payload); } </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/window/name/eval |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> if (window.name == "") { window.name = "badvalue='a'"; } var payload = window.name; setTimeout(function() { trigger(window.name); }, 10); // Sync trigger. eval(payload); // Async trigger. function trigger(payload) { eval(payload); }; </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/dom/toxicdom/window/name/innerHtml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> if (window.name == "") { window.name = "badvalue='a'"; } var payload = window.name; setTimeout(function() { trigger(window.name); }, 10); var div = document.createElement('div'); document.documentElement.appendChild(div); // Sync trigger. div.innerHTML = payload; // Async trigger. function trigger(payload) { div.innerHTML = payload; }; </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/escape/js/encodeURIComponent?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> eval(encodeURIComponent('a')); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/escape/js/escape?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> eval(escape('a')); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/escape/js/html_escape?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script>eval('a'.replace(/</g, '<') .replace(/&/g, '&') .replace(/>/g, '>')); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_script?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="http://irrelevant.google.com?a"/> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_assignment?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script>var foo=a;</script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_comment?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script>var foo=1; /* "a" */</script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_eval?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script>a;</script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_quoted_string?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script>var foo="a";</script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_singlequoted_string?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script>var foo='a';</script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/js_slashquoted_string?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script>var foo=/a/;</script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/escape/serverside/encodeUrl/tagname?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_script?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="http://irrelevant.google.com?a"/> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_assignment?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script>var foo=a;</script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_comment?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script>var foo=1; /* "a" */</script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_eval?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script>a;</script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_quoted_string?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script>var foo="a";</script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_singlequoted_string?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script>var foo='a';</script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/js_slashquoted_string?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script>var foo=/a/;</script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/escape/serverside/escapeHtml/tagname?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/insecurethirdpartyscripts/third_party_scripts_without_subresource_integrity.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="//nonexistent.google"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/insecurethirdpartyscripts/third_party_scripts_without_subresource_integrity_dynamically_added.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var script = document.createElement('script'); script.src = '//nonexistent.google'; document.body.append(script); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/leakedcookie/leakedinresource |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="leakedcookie.js"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/mixedcontent |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="http://public-firing-range.appspot.com/mixedcontent/script.js"> </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/mixedcontent/index.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="http://public-firing-range.appspot.com/mixedcontent/script.js"> </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/attribute_script?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="http://irrelevant.google.com/a"/> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/js_assignment?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script>var foo=a;</script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/js_comment?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script>var foo=1; /* "a" */</script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/js_eval?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script>eval("a");</script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/js_quoted_string?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script>var foo="a";</script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/js_singlequoted_string?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script>var foo='a';</script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/js_slashquoted_string?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script>var foo=/a/;</script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/noscript?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <noscript>a</noscript> |
| Other Info | A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not. |
| URL | https://public-firing-range.appspot.com/reflected/parameter/tagname?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reflected/url/script_src?q=a |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="a"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/remoteinclude/object_hash.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var target = location.hash.substr(1); var body = document.getElementsByTagName('body')[0]; var object = document.createElement('object'); object.data = target; body.appendChild(object); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://127.0.0.2/localhost_import.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="http://127.0.0.2/localhost_import.js"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://192.168.1.2/private_network_import.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="http://192.168.1.2/private_network_import.js"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://g00gle.com/typosquatting_domain.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="http://g00gle.com/typosquatting_domain.js"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=https://google.com |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="https://google.com"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/remoteinclude/script_hash.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var target = location.hash.substr(1); var head = document.getElementsByTagName('head')[0]; var script = document.createElement('script'); script.type = 'text/javascript'; script.src = target; head.appendChild(script); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithoutXFO |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from the JSONP callback and * prints a "stringified" representation of the response, only for * human debugging. */ function callbackFunc(data) { resultDiv.textContent = 'JSONP data received: ' + JSON.stringify(data); } try { // Retrieve the "q" parameter in the URL fragment var q = decodeURIComponent(new RegExp('[?&#]q=([^&]*)') .exec(location.hash)[1]); // Validate it (prevents trivial XSS) var allowedPattern = /^[a-zA-Z0-9\._&#=]+$/; if (allowedPattern.test(q)) { // The vulnerability arises because of this insecure concatenation var url = '/reverseclickjacking/jsonpendpoint?q=' + q + '&callback=' + q + ''; /* Create the <script> tag that executes the JS code returned by * the JSONP endpoint. */ var s = document.createElement('script'); s.type = 'text/javascript'; s.src = url; document.body.appendChild(s); } } catch(e) { resultDiv.textContent = 'Please specify a q parameter in the fragment.'; } </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithoutXFO/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from the JSONP callback and * prints a "stringified" representation of the response, only for * human debugging. */ function callbackFunc(data) { resultDiv.textContent = 'JSONP data received: ' + JSON.stringify(data); } try { // Retrieve the "q" parameter in the URL fragment var q = decodeURIComponent(new RegExp('[?&#]q=([^&]*)') .exec(location.hash)[1]); // Validate it (prevents trivial XSS) var allowedPattern = /^[a-zA-Z0-9\._&#=]+$/; if (allowedPattern.test(q)) { // The vulnerability arises because of this insecure concatenation var url = '/reverseclickjacking/jsonpendpoint?q=' + q + '&callback=' + q + ''; /* Create the <script> tag that executes the JS code returned by * the JSONP endpoint. */ var s = document.createElement('script'); s.type = 'text/javascript'; s.src = url; document.body.appendChild(s); } } catch(e) { resultDiv.textContent = 'Please specify a q parameter in the fragment.'; } </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithXFO |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from the JSONP callback and * prints a "stringified" representation of the response, only for * human debugging. */ function callbackFunc(data) { resultDiv.textContent = 'JSONP data received: ' + JSON.stringify(data); } try { // Retrieve the "q" parameter in the URL fragment var q = decodeURIComponent(new RegExp('[?&#]q=([^&]*)') .exec(location.hash)[1]); // Validate it (prevents trivial XSS) var allowedPattern = /^[a-zA-Z0-9\._&#=]+$/; if (allowedPattern.test(q)) { // The vulnerability arises because of this insecure concatenation var url = '/reverseclickjacking/jsonpendpoint?q=' + q + '&callback=' + q + ''; /* Create the <script> tag that executes the JS code returned by * the JSONP endpoint. */ var s = document.createElement('script'); s.type = 'text/javascript'; s.src = url; document.body.appendChild(s); } } catch(e) { resultDiv.textContent = 'Please specify a q parameter in the fragment.'; } </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/InCallback/WithXFO/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from the JSONP callback and * prints a "stringified" representation of the response, only for * human debugging. */ function callbackFunc(data) { resultDiv.textContent = 'JSONP data received: ' + JSON.stringify(data); } try { // Retrieve the "q" parameter in the URL fragment var q = decodeURIComponent(new RegExp('[?&#]q=([^&]*)') .exec(location.hash)[1]); // Validate it (prevents trivial XSS) var allowedPattern = /^[a-zA-Z0-9\._&#=]+$/; if (allowedPattern.test(q)) { // The vulnerability arises because of this insecure concatenation var url = '/reverseclickjacking/jsonpendpoint?q=' + q + '&callback=' + q + ''; /* Create the <script> tag that executes the JS code returned by * the JSONP endpoint. */ var s = document.createElement('script'); s.type = 'text/javascript'; s.src = url; document.body.appendChild(s); } } catch(e) { resultDiv.textContent = 'Please specify a q parameter in the fragment.'; } </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithoutXFO |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from the JSONP callback and * prints a "stringified" representation of the response, only for * human debugging. */ function callbackFunc(data) { resultDiv.textContent = 'JSONP data received: ' + JSON.stringify(data); } try { // Retrieve the "q" parameter in the URL fragment var q = decodeURIComponent(new RegExp('[?&#]q=([^&]*)') .exec(location.hash)[1]); // Validate it (prevents trivial XSS) var allowedPattern = /^[a-zA-Z0-9\._&#=]+$/; if (allowedPattern.test(q)) { // The vulnerability arises because of this insecure concatenation var url = '/reverseclickjacking/jsonpendpoint?q=' + q + '&callback=callbackFunc'; /* Create the <script> tag that executes the JS code returned by * the JSONP endpoint. */ var s = document.createElement('script'); s.type = 'text/javascript'; s.src = url; document.body.appendChild(s); } } catch(e) { resultDiv.textContent = 'Please specify a q parameter in the fragment.'; } </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithoutXFO/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from the JSONP callback and * prints a "stringified" representation of the response, only for * human debugging. */ function callbackFunc(data) { resultDiv.textContent = 'JSONP data received: ' + JSON.stringify(data); } try { // Retrieve the "q" parameter in the URL fragment var q = decodeURIComponent(new RegExp('[?&#]q=([^&]*)') .exec(location.hash)[1]); // Validate it (prevents trivial XSS) var allowedPattern = /^[a-zA-Z0-9\._&#=]+$/; if (allowedPattern.test(q)) { // The vulnerability arises because of this insecure concatenation var url = '/reverseclickjacking/jsonpendpoint?q=' + q + '&callback=callbackFunc'; /* Create the <script> tag that executes the JS code returned by * the JSONP endpoint. */ var s = document.createElement('script'); s.type = 'text/javascript'; s.src = url; document.body.appendChild(s); } } catch(e) { resultDiv.textContent = 'Please specify a q parameter in the fragment.'; } </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithXFO |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from the JSONP callback and * prints a "stringified" representation of the response, only for * human debugging. */ function callbackFunc(data) { resultDiv.textContent = 'JSONP data received: ' + JSON.stringify(data); } try { // Retrieve the "q" parameter in the URL fragment var q = decodeURIComponent(new RegExp('[?&#]q=([^&]*)') .exec(location.hash)[1]); // Validate it (prevents trivial XSS) var allowedPattern = /^[a-zA-Z0-9\._&#=]+$/; if (allowedPattern.test(q)) { // The vulnerability arises because of this insecure concatenation var url = '/reverseclickjacking/jsonpendpoint?q=' + q + '&callback=callbackFunc'; /* Create the <script> tag that executes the JS code returned by * the JSONP endpoint. */ var s = document.createElement('script'); s.type = 'text/javascript'; s.src = url; document.body.appendChild(s); } } catch(e) { resultDiv.textContent = 'Please specify a q parameter in the fragment.'; } </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInFragment/OtherParameter/WithXFO/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from the JSONP callback and * prints a "stringified" representation of the response, only for * human debugging. */ function callbackFunc(data) { resultDiv.textContent = 'JSONP data received: ' + JSON.stringify(data); } try { // Retrieve the "q" parameter in the URL fragment var q = decodeURIComponent(new RegExp('[?&#]q=([^&]*)') .exec(location.hash)[1]); // Validate it (prevents trivial XSS) var allowedPattern = /^[a-zA-Z0-9\._&#=]+$/; if (allowedPattern.test(q)) { // The vulnerability arises because of this insecure concatenation var url = '/reverseclickjacking/jsonpendpoint?q=' + q + '&callback=callbackFunc'; /* Create the <script> tag that executes the JS code returned by * the JSONP endpoint. */ var s = document.createElement('script'); s.type = 'text/javascript'; s.src = url; document.body.appendChild(s); } } catch(e) { resultDiv.textContent = 'Please specify a q parameter in the fragment.'; } </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback/WithoutXFO |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src= '/reverseclickjacking/jsonpendpoint?q=&callback='></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback/WithoutXFO/?q=foo |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src= '/reverseclickjacking/jsonpendpoint?q=&callback=foo'></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback/WithXFO |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src= '/reverseclickjacking/jsonpendpoint?q=&callback='></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/InCallback/WithXFO/?q=foo |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src= '/reverseclickjacking/jsonpendpoint?q=&callback=foo'></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter/WithoutXFO |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src= '/reverseclickjacking/jsonpendpoint?q=&callback=callbackFunc'></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter/WithoutXFO/?q=%26callback%3Dfoo%23 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src= '/reverseclickjacking/jsonpendpoint?q=&callback=foo#&callback=callbackFunc'></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter/WithXFO |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src= '/reverseclickjacking/jsonpendpoint?q=&callback=callbackFunc'></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/multipage/ParameterInQuery/OtherParameter/WithXFO/?q=%26callback%3Dfoo%23 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src= '/reverseclickjacking/jsonpendpoint?q=&callback=foo#&callback=callbackFunc'></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/InCallback |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from the JSONP callback and * prints a "stringified" representation of the response, just for * human debugging. */ function callbackFunc(data) { resultDiv.textContent = 'JSONP data received: ' + JSON.stringify(data); } try { // Retrieve the "q" parameter in the URL fragment var q = decodeURIComponent(new RegExp('[?&#]q=([^&]*)') .exec(location.hash)[1]); // Validate it (prevents trivial XSS) var allowedPattern = /^[a-zA-Z0-9\._&#=]+$/; if (allowedPattern.test(q)) { // The vulnerability arises because of this insecure concatenation var url = '/reverseclickjacking/jsonpendpoint?q=' + q + '&callback=' + q + ''; /* Create the <script> tag that executes the JS code returned by * the JSONP endpoint. */ var s = document.createElement('script'); s.type = 'text/javascript'; s.src = url; document.body.appendChild(s); } } catch(e) { resultDiv.textContent = 'Please specify a q parameter in the fragment.'; } </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/InCallback/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from the JSONP callback and * prints a "stringified" representation of the response, just for * human debugging. */ function callbackFunc(data) { resultDiv.textContent = 'JSONP data received: ' + JSON.stringify(data); } try { // Retrieve the "q" parameter in the URL fragment var q = decodeURIComponent(new RegExp('[?&#]q=([^&]*)') .exec(location.hash)[1]); // Validate it (prevents trivial XSS) var allowedPattern = /^[a-zA-Z0-9\._&#=]+$/; if (allowedPattern.test(q)) { // The vulnerability arises because of this insecure concatenation var url = '/reverseclickjacking/jsonpendpoint?q=' + q + '&callback=' + q + ''; /* Create the <script> tag that executes the JS code returned by * the JSONP endpoint. */ var s = document.createElement('script'); s.type = 'text/javascript'; s.src = url; document.body.appendChild(s); } } catch(e) { resultDiv.textContent = 'Please specify a q parameter in the fragment.'; } </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/OtherParameter |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from the JSONP callback and * prints a "stringified" representation of the response, just for * human debugging. */ function callbackFunc(data) { resultDiv.textContent = 'JSONP data received: ' + JSON.stringify(data); } try { // Retrieve the "q" parameter in the URL fragment var q = decodeURIComponent(new RegExp('[?&#]q=([^&]*)') .exec(location.hash)[1]); // Validate it (prevents trivial XSS) var allowedPattern = /^[a-zA-Z0-9\._&#=]+$/; if (allowedPattern.test(q)) { // The vulnerability arises because of this insecure concatenation var url = '/reverseclickjacking/jsonpendpoint?q=' + q + '&callback=callbackFunc'; /* Create the <script> tag that executes the JS code returned by * the JSONP endpoint. */ var s = document.createElement('script'); s.type = 'text/javascript'; s.src = url; document.body.appendChild(s); } } catch(e) { resultDiv.textContent = 'Please specify a q parameter in the fragment.'; } </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInFragment/OtherParameter/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var resultDiv = document.getElementById('result'); /** * Callback function that receives data from the JSONP callback and * prints a "stringified" representation of the response, just for * human debugging. */ function callbackFunc(data) { resultDiv.textContent = 'JSONP data received: ' + JSON.stringify(data); } try { // Retrieve the "q" parameter in the URL fragment var q = decodeURIComponent(new RegExp('[?&#]q=([^&]*)') .exec(location.hash)[1]); // Validate it (prevents trivial XSS) var allowedPattern = /^[a-zA-Z0-9\._&#=]+$/; if (allowedPattern.test(q)) { // The vulnerability arises because of this insecure concatenation var url = '/reverseclickjacking/jsonpendpoint?q=' + q + '&callback=callbackFunc'; /* Create the <script> tag that executes the JS code returned by * the JSONP endpoint. */ var s = document.createElement('script'); s.type = 'text/javascript'; s.src = url; document.body.appendChild(s); } } catch(e) { resultDiv.textContent = 'Please specify a q parameter in the fragment.'; } </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/InCallback |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src= '/reverseclickjacking/jsonpendpoint?q=&callback='></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/InCallback/?q=urc_button.click |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src= '/reverseclickjacking/jsonpendpoint?q=&callback=urc_button.click'></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/OtherParameter |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src= '/reverseclickjacking/jsonpendpoint?q=&callback=callbackFunc'></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/singlepage/ParameterInQuery/OtherParameter/?q=%26callback%3Durc_button.click%23 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src= '/reverseclickjacking/jsonpendpoint?q=&callback=urc_button.click#&callback=callbackFunc'></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/a.href |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = document.location.hash.substr(1); var anchor = document.createElement("a"); anchor.href = payload; anchor.text = "Here's an anchor link"; document.body.appendChild(anchor); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/base.href |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = document.location.hash.substr(1); var baseElement = document.createElement("base"); baseElement.href = payload; document.head.appendChild(baseElement); var scriptTag = document.createElement("script"); scriptTag.src = "exploit.js"; document.body.appendChild(scriptTag); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/document.location |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = document.location.hash.substr(1); document.location = payload; </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/embed.src |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = document.location.hash.substr(1); var embedElement = document.createElement("embed"); embedElement.src = payload; document.body.appendChild(embedElement); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/fetch |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = document.location.hash.substr(1); var divElement = document.createElement('div'); var resourceUri= payload; fetch(resourceUri).then( function(response) { return response.text(); }).then(function(body) { divElement.innerHTML = body; }); document.body.appendChild(divElement); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/form.action |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = document.location.hash.substr(1); var formElement = document.createElement("form"); formElement.action = payload; var inputElement = document.createElement("input"); inputElement.type = "submit"; inputElement.value = "Submit!"; formElement.appendChild(inputElement); document.body.appendChild(formElement); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/iframe.src |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = document.location.hash.substr(1); var iframe = document.createElement("iframe"); iframe.src = payload; document.body.appendChild(iframe); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/input.formaction |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = document.location.hash.substr(1); var form = document.createElement("form"); var input = document.createElement("input"); input.formAction = payload; input.type = "submit"; input.value = "submit!"; document.body.appendChild(form); form.appendChild(input); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/link.href |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = document.location.hash.substr(1); var linkElement = document.createElement("link"); linkElement.rel = "import"; linkElement.href = payload; document.body.appendChild(linkElement); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/object.data |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = document.location.hash.substr(1); var objectElement = document.createElement("object"); objectElement.data = payload; document.body.appendChild(objectElement); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/param.code.value |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = document.location.hash.substr(1); var objectElement = document.createElement("object"); var paramTypeElement = document.createElement("param"); var paramCodeElement = document.createElement("param"); var paramAllowScriptAccessElement = document.createElement("param"); paramTypeElement.name = "type"; paramTypeElement.value = "application/x-shockwave-flash"; paramAllowScriptAccessElement.name = "allowScriptAccess"; paramAllowScriptAccessElement.value = "always"; paramCodeElement.name = "code"; paramCodeElement.value = payload; objectElement.appendChild(paramAllowScriptAccessElement); objectElement.appendChild(paramTypeElement); objectElement.appendChild(paramCodeElement); document.body.appendChild(objectElement); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/param.movie.value |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = document.location.hash.substr(1); var objectElement = document.createElement("object"); var paramTypeElement = document.createElement("param"); var paramMovieElement = document.createElement("param"); var paramAllowScriptAccessElement = document.createElement("param"); paramTypeElement.name = "type"; paramTypeElement.value = "application/x-shockwave-flash"; paramAllowScriptAccessElement.name = "allowScriptAccess"; paramAllowScriptAccessElement.value = "always"; paramMovieElement.name = "movie"; paramMovieElement.value = payload; objectElement.appendChild(paramAllowScriptAccessElement); objectElement.appendChild(paramTypeElement); objectElement.appendChild(paramMovieElement); document.body.appendChild(objectElement); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/param.src.value |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = document.location.hash.substr(1); var objectElement = document.createElement("object"); var paramTypeElement = document.createElement("param"); var paramSrcElement = document.createElement("param"); var paramAllowScriptAccessElement = document.createElement("param"); paramTypeElement.name = "type"; paramTypeElement.value = "application/x-shockwave-flash"; paramAllowScriptAccessElement.name = "allowScriptAccess"; paramAllowScriptAccessElement.value = "always"; paramSrcElement.name = "src"; paramSrcElement.value = payload; objectElement.appendChild(paramAllowScriptAccessElement); objectElement.appendChild(paramTypeElement); objectElement.appendChild(paramSrcElement); document.body.appendChild(objectElement); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/param.url.value |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = document.location.hash.substr(1); var objectElement = document.createElement("object"); var paramTypeElement = document.createElement("param"); var paramUrlElement = document.createElement("param"); var paramAllowScriptAccessElement = document.createElement("param"); paramTypeElement.name = "type"; paramTypeElement.value = "application/x-shockwave-flash"; paramAllowScriptAccessElement.name = "allowScriptAccess"; paramAllowScriptAccessElement.value = "always"; paramUrlElement.name = "url"; paramUrlElement.value = payload; objectElement.appendChild(paramAllowScriptAccessElement); objectElement.appendChild(paramTypeElement); objectElement.appendChild(paramUrlElement); document.body.appendChild(objectElement); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/script.href |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = document.location.hash.substr(1); var xmlns = "http://www.w3.org/2000/svg"; var svgElement = document.createElementNS(xmlns,"svg"); svgElement.setAttributeNS( "http://www.w3.org/2000/xmlns/", "xmlns:xlink", "http://www.w3.org/1999/xlink"); var scriptElement = document.createElementNS(xmlns,"script"); scriptElement.setAttributeNS( "http://www.w3.org/1999/xlink", "xlink:href", location.hash.substr(1)); svgElement.appendChild(scriptElement); document.body.appendChild(svgElement); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/script.src |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = document.location.hash.substr(1); var scriptElement = document.createElement("script"); scriptElement.src = payload; document.body.appendChild(scriptElement); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/script.src.partial_domain |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = document.location.hash.substr(1); var scriptElement = document.createElement("script"); scriptElement.src = location.origin + payload + "/script.js"; document.body.appendChild(scriptElement); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/script.src.partial_path |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = document.location.hash.substr(1); var scriptElement = document.createElement("script"); scriptElement.src = "/" + payload; document.body.appendChild(scriptElement); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/script.src.partial_query |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = document.location.hash.substr(1); var scriptElement = document.createElement("script"); scriptElement.src = location.origin + "/urldom/jsonp?referrer=" + payload + "&callback=helloWorld"; document.body.appendChild(scriptElement); function helloWorld(data) { var divElement = document.createElement("div"); divElement.textContent = data["msg"]; document.body.appendChild(divElement); } </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/window.open |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = document.location.hash.substr(1); window.open(payload); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/urldom/location/hash/xhr.open |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = document.location.hash.substr(1); var xhttp = new XMLHttpRequest(); xhttp.open("GET",payload,false); xhttp.send(); var div = document.createElement("div"); div.innerHTML=xhttp.responseText; document.body.appendChild(div); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/urldom/location/search/area.href?//example.org |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = document.location.search.substr(1); var area = document.createElement("area"); area.href = payload; area.textContent = "Here's an area element"; document.body.appendChild(area); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/urldom/location/search/button.formaction?//example.org |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = document.location.search.substr(1); var form = document.createElement("form"); var button = document.createElement("button"); button.formAction = payload; button.type = "submit"; button.textContent = "submit!"; document.body.appendChild(form); form.appendChild(button); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/urldom/location/search/frame.src?//example.org |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = document.location.search.substr(1); var frame = document.createElement("frame"); frame.src = payload; document.body.appendChild(frame); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/urldom/location/search/location.assign?//example.org |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = document.location.search.substr(1); location.assign(payload); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/urldom/location/search/svg.a?//example.org |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script> var payload = document.location.search.substr(1); var xmlns = "http://www.w3.org/2000/svg"; var svgElement = document.createElementNS(xmlns,"svg"); svgElement.setAttribute("width",500); svgElement.setAttribute("height",500); svgElement.setAttributeNS("http://www.w3.org/2000/xmlns/","xmlns:xlink","http://www.w3.org/1999/xlink"); var anchor = document.createElementNS(xmlns,"a"); anchor.setAttributeNS("http://www.w3.org/1999/xlink","xlink:href",payload); var text = document.createElementNS(xmlns,"text"); text.textContent = "This is an anchor element!"; text.setAttribute("x",60); text.setAttribute("y",21); text.setAttribute("fill","black"); anchor.appendChild(text); svgElement.appendChild(anchor); document.body.appendChild(svgElement); </script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/vulnerablelibraries/jquery.html |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="https://code.jquery.com/jquery-1.8.1.js"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity(10);"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity(13);"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity(17);"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity(18);"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity(19);"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity(20);"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity(21);"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity(24);"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity(27);"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity(28);"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity(5);"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity(6);"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity(7);"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity(8);"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" onclick="decQuantity(9);"><img src="images/130.png" alt="Decrease quantity in basket" border="0"></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/index.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/index.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/insurance/v1/header.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/insurance/v1/index.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/insurance/v1/register.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/insurance/v1/retrieve_quotation.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/payment-gateway/check_credit_balance.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/payment-gateway/process_card.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/payment-gateway/process_purchasetoy.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/Security/SEC_V1/index.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/telecom/addtariffplans.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/telecom/assigntariffplantocustomer.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/telecom/billing.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/birthdate.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/cookie/selenium_cookie.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <script src="../js/w3.js"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/delete_customer.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/flash-testing.html |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <script async='async' src='https://www.googletagservices.com/tag/js/gpt.js'></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/newtours/index.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/newtours/login.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/newtours/register.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/test/newtours/reservation2.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://demo.guru99.com/V1/index.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <a href="#" class="dropdown-toggle" data-toggle="dropdown">Selenium <b class="caret"></b></a> |
| Other Info | Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application. |
| URL | https://public-firing-range.appspot.com/angular/angular_body_raw_post/1.6.0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <script src="//ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.js"></script> |
| Other Info | No links have been found while there are scripts, which is an indication that this is a modern web application. |
| Instances | 327 |
| Solution |
This is an informational alert and so no changes are required.
|
| Reference | |
| CWE Id | |
| WASC Id | |
| Plugin Id | 10109 |
|
Informational |
Re-examine Cache-control Directives |
|---|---|
| Description |
The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.
|
| URL | https://demo.guru99.com/ |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/access.php?%20email=ZAP&%20pass=seqerer%20&uid=mngr564973%20 |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/register.php |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/cardnumber.php |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/check_credit_balance.php |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=334721 |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=574612 |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=646509 |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/index.php |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/process_purchasetoy.php |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/purchasetoy.php |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/robots.txt |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=172800 |
| Other Info | |
| URL | https://demo.guru99.com/selenium/facebook.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-1.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-2.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-3.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-4.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-5.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/seo/page-6.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/telecom/access.php?uid=063675 |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/telecom/access.php?uid=069466 |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/telecom/access.php?uid=936997 |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/telecom/addcustomer.php |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/telecom/addtariffplans.php |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/telecom/assigntariffplantocustomer.php |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/telecom/billing.php |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/telecom/index.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/ |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/ajax.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/ajax.html?name=ZAP |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/autoit.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/birthdate.php |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/block.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/cookie/selenium_aut.php |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/delete_customer.php |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/drag_drop.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/facebook.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/flash-testing.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/guru99home/ |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/guru99home/ads.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/guru99home/scrolling.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/image_upload/ |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/link.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/login.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/register.php |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/reservation.php |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/reservation2.php |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/support.php |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/radio.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/social-icon.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/table.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/tooltip.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/upload/ |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/yahoo.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/V1/index.php |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/ |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/address/index.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/angular/index.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/badscriptimport |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/badscriptimport/index.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/clickjacking |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/clickjacking/index.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/cors |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/cors/index.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/index.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/dom/javascripturi.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/escape/index.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/flashinjection |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/flashinjection/callbackIsEchoedBack?callback=func |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/flashinjection/callbackParameterDoesNothing?callback=func |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://public-firing-range.appspot.com/flashinjection/index.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/insecurethirdpartyscripts |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/insecurethirdpartyscripts/index.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/insecurethirdpartyscripts/third_party_scripts_without_subresource_integrity.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/insecurethirdpartyscripts/third_party_scripts_without_subresource_integrity_dynamically_added.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/leakedcookie |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/leakedcookie/index.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/mixedcontent |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/mixedcontent/index.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/redirect |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/redirect/index.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reflected/index.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/remoteinclude |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/remoteinclude/index.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/remoteinclude/object_hash.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/remoteinclude/script_hash.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reverseclickjacking |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/reverseclickjacking/ |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/stricttransportsecurity |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/stricttransportsecurity/index.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/tags |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/tags/index.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/urldom |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/urldom/index.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/vulnerablelibraries |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/vulnerablelibraries/index.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://public-firing-range.appspot.com/vulnerablelibraries/jquery.html |
| Method | GET |
| Parameter | cache-control |
| Attack | |
| Evidence | public, max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/new_quotation.php |
| Method | POST |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/insurance/v1/retrieve_quotation.php |
| Method | POST |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/check_credit_balance.php |
| Method | POST |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/payment-gateway/process_purchasetoy.php |
| Method | POST |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/telecom/addtariffplans.php |
| Method | POST |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/telecom/assigntariffplantocustomer.php |
| Method | POST |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/telecom/billing.php |
| Method | POST |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/birthdate.php |
| Method | POST |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/cookie/selenium_cookie.php |
| Method | POST |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/delete_customer.php |
| Method | POST |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/flash-testing.html |
| Method | POST |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/image_upload/ajaximage.php |
| Method | POST |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/register.php |
| Method | POST |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/newtours/reservation2.php |
| Method | POST |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/test/success.html |
| Method | POST |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| URL | https://demo.guru99.com/V1/index.php |
| Method | POST |
| Parameter | cache-control |
| Attack | |
| Evidence | max-age=600 |
| Other Info | |
| Instances | 119 |
| Solution |
For secure content, ensure the cache-control HTTP header is set with "no-cache, no-store, must-revalidate". If an asset should be cached consider setting the directives "public, max-age, immutable".
|
| Reference |
https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control https://grayduck.mn/2021/09/13/cache-control-recommendations/ |
| CWE Id | 525 |
| WASC Id | 13 |
| Plugin Id | 10015 |
|
Informational |
Session Management Response Identified |
|---|---|
| Description |
The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. If the request is in a context which has a Session Management Method set to "Auto-Detect" then this rule will change the session management to use the tokens identified.
|
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | 0448AB0ED6C91159919BE73F6345C0E6 |
| Other Info | cookie:JSESSIONID |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | 18A2EBFF4936320AD1EEEB3341EA01D4 |
| Other Info | cookie:JSESSIONID |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | 33A3FE8B6A527DFCE7620B20529C12FA |
| Other Info | cookie:JSESSIONID |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | 349AB47B1061CA62238BE6A6BCDAFAD3 |
| Other Info | cookie:JSESSIONID |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | 407DA006AECE494123A04506F2A9ECF5 |
| Other Info | cookie:JSESSIONID |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | 4FCFE06C13D66C24B15F864A11B997DD |
| Other Info | cookie:JSESSIONID |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | 5A33F137A0FD627F4A5B3D11D1B919F3 |
| Other Info | cookie:JSESSIONID |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | 5CBD62F159DD658A5E184BC3BD37AECC |
| Other Info | cookie:JSESSIONID |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | 8734D1E46777342DC2EE83B007CD8EE2 |
| Other Info | cookie:JSESSIONID |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | 89B02A2B79F75F1410E0DB98BC30C6D1 |
| Other Info | cookie:JSESSIONID |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | 8B82FF2CC59E8AB6C9F17F559D8F5ED4 |
| Other Info | cookie:JSESSIONID |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | 915845EFFA5D761964C6AD07A128B10B |
| Other Info | cookie:JSESSIONID |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | 941168C38845F38E8040154C137DB877 |
| Other Info | cookie:JSESSIONID |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | 9A10441F243BECEE482B21769735A095 |
| Other Info | cookie:JSESSIONID |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | A22DB34A8772A4D608E34159C47C453C |
| Other Info | cookie:JSESSIONID |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | A4E25C37053DD56A9040B2A164B79553 |
| Other Info | cookie:JSESSIONID |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | B584B16C385F31F10E354FCCE4800152 |
| Other Info | cookie:JSESSIONID |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | CACF37E8136A2983FB6567152E055AF2 |
| Other Info | cookie:JSESSIONID |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | F4CDC10F5A22EEDA573DFDC5FA5A7015 |
| Other Info | cookie:JSESSIONID |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | FE69E7782CB979AA91DE758AEE96CED9 |
| Other Info | cookie:JSESSIONID |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=1 |
| Method | GET |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | 7500A83A3DB4C96BB1DE351A7091E5D0 |
| Other Info | cookie:JSESSIONID |
| URL | http://localhost:8090/bodgeit/product.jsp?typeid=2 |
| Method | GET |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | A329FA556790B84292975A3CA0E173AB |
| Other Info | cookie:JSESSIONID |
| URL | https://demo.guru99.com/test/newtours/ |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/newtours/ |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/newtours/ |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://public-firing-range.appspot.com/leakedcookie/leakedcookie |
| Method | GET |
| Parameter | my_secret_cookie |
| Attack | |
| Evidence | 0mERtClmz/8= |
| Other Info | cookie:my_secret_cookie |
| URL | https://public-firing-range.appspot.com/leakedcookie/leakedcookie |
| Method | GET |
| Parameter | my_secret_cookie |
| Attack | |
| Evidence | ven4/JO9C+A= |
| Other Info | cookie:my_secret_cookie |
| URL | https://public-firing-range.appspot.com/leakedcookie/leakedinresource |
| Method | GET |
| Parameter | my_secret_cookie |
| Attack | |
| Evidence | ZHLgr9oZ4M8= |
| Other Info | cookie:my_secret_cookie |
| URL | https://public-firing-range.appspot.com/leakedcookie/leakedinresource |
| Method | GET |
| Parameter | my_secret_cookie |
| Attack | |
| Evidence | ceVtMkOZH1Q= |
| Other Info | cookie:my_secret_cookie |
| URL | http://demo.guru99.com/ |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | http://demo.guru99.com/ |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | http://demo.guru99.com/seo/page-2.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | http://demo.guru99.com/seo/page-3.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | http://demo.guru99.com/seo/page-4.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | http://demo.guru99.com/seo/page-6.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | http://demo.guru99.com/test/js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | http://demo.guru99.com/test/js/home-bar.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | http://demo.guru99.com/test/js/jquery.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | http://demo.guru99.com/test/js/treemenu.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | http://demo.guru99.com/test/msgr11us.exe |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | http://demo.guru99.com/test/newtours/ |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | http://demo.guru99.com/test/tooltip.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | 18A2EBFF4936320AD1EEEB3341EA01D4 |
| Other Info | cookie:JSESSIONID |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | GET |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | 5CBD62F159DD658A5E184BC3BD37AECC |
| Other Info | cookie:JSESSIONID |
| URL | https://demo.guru99.com/access.php?%20email=ZAP&%20pass=seqerer%20&uid=mngr564973%20 |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/agile-testing-course.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/ |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/customer/css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/customer/css/style.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/customer/JavaScript |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/customer/scripts/commonstyle.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/index.php |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Agile_Project/css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Agile_Project/css/bootstrap.min.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Agile_Project/css/bootstrap.min.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Agile_Project/css/main.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Agile_Project/css/slider-cars.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Agile_Project/images/2.gif |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Agile_Project/js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Agile_Project/js/bootstrap.min.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Agile_Project/js/bootstrap.min.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Agile_Project/js/slider-cars.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Agile_Project/scripts/validate_login.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/angularjs-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/apache.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/asp-net-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/blockchain-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/business-analyst-tutorial-course.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/c-programming-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/c-programming-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/c-programming-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/c-sharp-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/c-sharp-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/c-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/classes |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/cloud-computing-for-beginners.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/co-tutorials.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/co-tutorials.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/co-tutorials.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/codeigniter-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/compiler-design-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/data-warehousing-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/dbms-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/excel-tutorials.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/excel-tutorials.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/free-digital-marketing-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/free-digital-marketing-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/hp-alm-free-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/images/logo/favicon.ico |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/images/testing-logo-1.png |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/img/favicon.ico?1461205423 |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/insurance/v1/css/bootstrap.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/insurance/v1/css/bootstrap.min.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/insurance/v1/css/custom.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/insurance/v1/css/custom.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/insurance/v1/css/home-bar.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/insurance/v1/css/main.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/insurance/v1/css/main.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/insurance/v1/css/style.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/insurance/v1/favicon.png |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/insurance/v1/favicon.png |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/insurance/v1/header.php |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/insurance/v1/header.php |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/insurance/v1/index.php |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/insurance/v1/javascript/bootstrap.min.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/insurance/v1/javascript/jquery-1.10.2.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/insurance/v1/javascript/jquery-ui.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/insurance/v1/javascript/jquery-ui.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/insurance/v1/javascript/jquery.timeago.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/insurance/v1/javascript/slider-cars.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/insurance/v1/javascript/treemenu.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/insurance/v1/register.php |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/insurance/v1/register.php |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/insurance/v1/register.php |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/interactive-javascript-tutorials.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/interactive-javascript-tutorials.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/jenkins-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/jira-tutorial-a-complete-guide-for-beginners.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/live-agile-testing-project.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/live-php-project-learn-complete-web-development-cycle.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/live-selenium-project.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/loadrunner-v12-tutorials.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/logo.png |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/mantis-bug-tracker-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/mariadb-tutorial-install.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/mariadb-tutorial-install.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/media/gantry5/assets/js/matchmedia.polyfill.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/media/gantry5/engines/nucleus/css/nucleus-ie9.css?59966afb |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/mis-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/mis-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/ms-access-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/ms-access-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/ms-access-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/mysql-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/mysql-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/node-js-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/overview-of-sap-security.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/payment-gateway/assets/css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/payment-gateway/assets/css/main.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/payment-gateway/assets/js/bootstrap.min.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/payment-gateway/assets/js/bootstrap.min.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/payment-gateway/assets/js/home-bar.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/payment-gateway/assets/js/main.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/payment-gateway/assets/js/skel.min.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/payment-gateway/assets/js/treemenu.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/payment-gateway/assets/js/util.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/payment-gateway/cardnumber.php |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/payment-gateway/check_credit_balance.php |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/payment-gateway/check_credit_balance.php |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/payment-gateway/genearte_orderid.php?uid=334721 |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/payment-gateway/images/american.png |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/payment-gateway/images/american.png |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/payment-gateway/images/american.png |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/payment-gateway/images/card |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/payment-gateway/images/card/temp-88.jpg |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/payment-gateway/images/card/temp-88.jpg |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/payment-gateway/process_purchasetoy.php |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/payment-gateway/purchasetoy.php |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/perl-tutorials.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/perl-tutorials.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/php-tutorials.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/php-tutorials.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/pl-sql-tutorials.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/postgresql-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/postgresql-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/practitest-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/practitest-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/python-tutorials.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/qtest-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/qtest-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/quick-test-professional-qtp-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/release-notes |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/release-notes |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/ruby-on-rails-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/sap-basis-training-tutorials.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/sap-basis-training-tutorials.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/sap-bi.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/sap-bi.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/sap-bods-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/sap-bpc.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/sap-crm-training.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/sap-fico-training-tutorials.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/sap-fico-training-tutorials.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/sap-hcm.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/sap-mm-training-tutorials.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/sap-payroll.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/sap-pi-process-integration-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/sap-pp-tutorials.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/sap-quality-management-qm-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/sap-quality-management-qm-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/sap-training-hub.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/sap-training-hub.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Security/images |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Security/images/2.gif |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Security/images/3.gif |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Security/scripts |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/css/bootstrap.min.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/css/home-bar.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/css/style.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/JavaScript |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/bootstrap.min.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/bootstrap.min.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/home-bar.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/jquery.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/slider-cars.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/test.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/JavaScript/treemenu.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/scripts |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Security/SEC_V1/customer/scripts/commonstyle.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/Security/SEC_V1/index.php |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/selenium-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/seo/images |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/seo/images/041318_0534_WhatisFullf1.png |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/seo/images/041318_0534_WhatisFullf1.png |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/seo/images/041318_0552_WhatisSAPBu1.png |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/seo/images/051818_1048_SoftwareCon1.png |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/seo/images/051818_1048_SoftwareCon2.png |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/seo/images/051818_1048_SoftwareCon2.png |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/seo/js/b40b8f484a50c7147e39e067a6f3d6ef_0.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/seo/js/jquery.min.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/seo/page-3.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/seo/page-6.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/software-engineering-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/sql.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/sql.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/talend-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/access.php?uid=063675 |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/addcustomer.php |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/addtariffplans.php |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/addtariffplans.php |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/assets/css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/assets/css/custom.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/assets/css/slider-cars.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/assets/js/bootstrap.min.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/assets/js/bootstrap.min.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/assets/js/jquery.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/assets/js/jquery.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/assets/js/jquery.min.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/assets/js/jquery.min.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/assets/js/jquery.scrolly.min.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/assets/js/jquery.scrolly.min.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/assets/js/main.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/assets/js/skel.min.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/assets/js/slider-cars.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/assets/js/tariffplan.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/assets/js/test.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/assets/js/treemenu.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/assets/js/treemenu.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/assets/js/util.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/assets/js/w3.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/assets/js/w3.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/assigntariffplantocustomer.php |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/assigntariffplantocustomer.php |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/billing.php |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/billing.php |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/images |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/index.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/index.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/accountingjs |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/accountingjs/AccountCSS.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/accountingjs/af3cfffb95196d4da1e9e744fbfc7875.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/accountingjs/jquery-ui.min.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/accountingjs/lesson6.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/birthdate.php |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/cookie/bootstrap.min.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/cookie/bootstrap.min.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/css/custom.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/css/custom.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/css/home-bar.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/css/main.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/css/main.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/css/slider-cars.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/css/style.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/guru99home/ |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/guru99home/ads.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/guru99home/ads.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/guru99home/images |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/guru99home/images/app_google_play(1).png |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/guru99home/images/logo_1.png |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/guru99home/images/logo_respnsivsite.png |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/guru99home/Jmeter720.png |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/guru99home/Jmeter720.png |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/guru99home/js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/guru99home/js/jquery.min.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/guru99home/js/jquery.min.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/image_upload/loader.gif |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/image_upload/scripts |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/image_upload/scripts/jquery.min.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/img/tooltips.jpg |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/js/jquery.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/js/jquery.tools.min.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/js/jquery.tools.min.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/js/w3.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/js/w3.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/main.min.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/msgr11us.exe |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/msgr11us.exe |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/msgr11us.exe |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/newtours/images/banner2.gif |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/newtours/images/featured_destination.gif |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/newtours/images/hdr_findflight.gif |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/newtours/images/hdr_links.gif |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/newtours/images/home.gif |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/newtours/images/icn_destinations.gif |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/newtours/images/icn_register.gif |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/newtours/images/mast_construction.gif |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/newtours/images/mast_register.gif |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/newtours/images/mast_signon.gif |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/newtours/images/submit.gif |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/newtours/login.php |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/newtours/toDay |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/scrolling.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/upload/css/banner-styles.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/upload/css/banner-styles.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/upload/css/style.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/upload/register.php |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/upload/rules.php |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/uml-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/uml-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/unix-linux-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/utlimate-guide-etl-datawarehouse-testing.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/V1/css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/V1/css/bootstrap.min.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/V1/css/bootstrap.min.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/V1/css/custom.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/V1/css/main.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/V1/css/slider-cars.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/V1/css/style.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/V1/css/style.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/V1/index.php |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/V1/JavaScript/slider-cars.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/V1/JavaScript/treemenu.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/V4/css/bootstrap.min.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/V4/JavaScript/jquery.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/V4/JavaScript/jquery.js |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/vb-net-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/vba-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/web-services-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/web-services-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/web/20130603222603/http:/messenger.yahoo.com/croissant_apps/aurora/htdocs/css/bootstrap.min.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/web/20130603222603/http:/messenger.yahoo.com/croissant_apps/aurora/htdocs/css/custom.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/web/20130603222603/http:/messenger.yahoo.com/croissant_apps/aurora/htdocs/css/custom.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/web/20130603222603/http:/messenger.yahoo.com/croissant_apps/aurora/htdocs/css/home-bar.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/web/20130603222603/http:/messenger.yahoo.com/croissant_apps/aurora/htdocs/css/main.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/web/20130603222603/http:/messenger.yahoo.com/croissant_apps/aurora/htdocs/css/main.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/web/20130603222603/http:/messenger.yahoo.com/croissant_apps/aurora/htdocs/css/slider-cars.css |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/web/20141011154238im_/http:/www.megafileupload.com/skin/custom/images |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/web/20141011154238im_/http:/www.megafileupload.com/skin/custom/images/delete.png |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/what-is-sap.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/wpf-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/wpf-tutorial.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/zephyr-agile-jira.html |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | 5CBD62F159DD658A5E184BC3BD37AECC |
| Other Info | cookie:JSESSIONID |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | POST |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | 18A2EBFF4936320AD1EEEB3341EA01D4 |
| Other Info | cookie:JSESSIONID |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | POST |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | 33A3FE8B6A527DFCE7620B20529C12FA |
| Other Info | cookie:JSESSIONID |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | POST |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | 4FCFE06C13D66C24B15F864A11B997DD |
| Other Info | cookie:JSESSIONID |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | POST |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | 5A33F137A0FD627F4A5B3D11D1B919F3 |
| Other Info | cookie:JSESSIONID |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | POST |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | 5CBD62F159DD658A5E184BC3BD37AECC |
| Other Info | cookie:JSESSIONID |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | POST |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | 8B82FF2CC59E8AB6C9F17F559D8F5ED4 |
| Other Info | cookie:JSESSIONID |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | POST |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | A22DB34A8772A4D608E34159C47C453C |
| Other Info | cookie:JSESSIONID |
| URL | http://localhost:8090/bodgeit/login.jsp |
| Method | POST |
| Parameter | JSESSIONID |
| Attack | |
| Evidence | B584B16C385F31F10E354FCCE4800152 |
| Other Info | cookie:JSESSIONID |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/index.php |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/index.php |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/insurance/v1/header.php |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/insurance/v1/index.php |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/insurance/v1/logout.php |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/insurance/v1/new_quotation.php |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/insurance/v1/register.php |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/payment-gateway/check_credit_balance.php |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/payment-gateway/process_card.php |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/payment-gateway/process_card.php |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/payment-gateway/process_purchasetoy.php |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/payment-gateway/process_purchasetoy.php |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/addtariffplans.php |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/assigntariffplantocustomer.php |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/billing.php |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/telecom/insertcustomer.php |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/birthdate.php |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/cookie/selenium_cookie.php |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/cookie/selenium_cookie.php |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/delete_customer.php |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/image_upload/ajaximage.php |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/newtours/index.php |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/newtours/register.php |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/newtours/reservation2.php |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/newtours/reservation2.php |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/success.html |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/test/upload/emaillinks.php |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/V1/index.php |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 8ae06253a55a43976cdb54833b3e3e50 |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/V1/index.php |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/web/20141011154238/http:/212.7.194.85/cgi-bin/upload.cgi?maxfilesize=206000000 |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | 75b207e09ffe46f571f314258999210e |
| Other Info | cookie:PHPSESSID |
| URL | https://demo.guru99.com/web/20141011154238/http:/212.7.194.85/cgi-bin/upload.cgi?maxfilesize=206000000 |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | c95e591753b50fcbff83f96286cd14ef |
| Other Info | cookie:PHPSESSID |
| Instances | 393 |
| Solution |
This is an informational alert rather than a vulnerability and so there is nothing to fix.
|
| Reference | https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id |
| CWE Id | |
| WASC Id | |
| Plugin Id | 10112 |
|
Informational |
User Controllable HTML Element Attribute (Potential XSS) |
|---|---|
| Description |
This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.
|
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=10 |
| Method | GET |
| Parameter | prodid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=10 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=10 The user-controlled value was: 10 |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=10 |
| Method | GET |
| Parameter | prodid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=10 appears to include user input in: a(n) [table] tag [width] attribute The user input found was: prodid=10 The user-controlled value was: 100% |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=11 |
| Method | GET |
| Parameter | prodid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=11 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=11 The user-controlled value was: 11 |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=12 |
| Method | GET |
| Parameter | prodid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=12 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=12 The user-controlled value was: 12 |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=13 |
| Method | GET |
| Parameter | prodid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=13 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=13 The user-controlled value was: 13 |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=14 |
| Method | GET |
| Parameter | prodid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=14 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=14 The user-controlled value was: 14 |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=15 |
| Method | GET |
| Parameter | prodid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=15 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=15 The user-controlled value was: 15 |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=16 |
| Method | GET |
| Parameter | prodid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=16 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=16 The user-controlled value was: 16 |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=16 |
| Method | GET |
| Parameter | prodid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=16 appears to include user input in: a(n) [td] tag [width] attribute The user input found was: prodid=16 The user-controlled value was: 16% |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=17 |
| Method | GET |
| Parameter | prodid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=17 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=17 The user-controlled value was: 17 |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=18 |
| Method | GET |
| Parameter | prodid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=18 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=18 The user-controlled value was: 18 |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=19 |
| Method | GET |
| Parameter | prodid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=19 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=19 The user-controlled value was: 19 |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=20 |
| Method | GET |
| Parameter | prodid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=20 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=20 The user-controlled value was: 20 |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=21 |
| Method | GET |
| Parameter | prodid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=21 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=21 The user-controlled value was: 21 |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=22 |
| Method | GET |
| Parameter | prodid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=22 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=22 The user-controlled value was: 22 |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=23 |
| Method | GET |
| Parameter | prodid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=23 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=23 The user-controlled value was: 23 |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=24 |
| Method | GET |
| Parameter | prodid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=24 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=24 The user-controlled value was: 24 |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=25 |
| Method | GET |
| Parameter | prodid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=25 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=25 The user-controlled value was: 25 |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=25 |
| Method | GET |
| Parameter | prodid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=25 appears to include user input in: a(n) [td] tag [width] attribute The user input found was: prodid=25 The user-controlled value was: 25% |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=26 |
| Method | GET |
| Parameter | prodid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=26 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=26 The user-controlled value was: 26 |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=27 |
| Method | GET |
| Parameter | prodid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=27 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=27 The user-controlled value was: 27 |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=28 |
| Method | GET |
| Parameter | prodid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=28 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=28 The user-controlled value was: 28 |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=29 |
| Method | GET |
| Parameter | prodid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=29 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=29 The user-controlled value was: 29 |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=30 |
| Method | GET |
| Parameter | prodid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=30 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=30 The user-controlled value was: 30 |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=30 |
| Method | GET |
| Parameter | prodid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=30 appears to include user input in: a(n) [td] tag [width] attribute The user input found was: prodid=30 The user-controlled value was: 30% |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=31 |
| Method | GET |
| Parameter | prodid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=31 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=31 The user-controlled value was: 31 |
| URL | http://localhost:8090/bodgeit/product.jsp?prodid=32 |
| Method | GET |
| Parameter | prodid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/product.jsp?prodid=32 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: prodid=32 The user-controlled value was: 32 |
| URL | https://public-firing-range.appspot.com/angular/angular_body_attribute_ng/1.4.0?q=test |
| Method | GET |
| Parameter | q |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://public-firing-range.appspot.com/angular/angular_body_attribute_ng/1.4.0?q=test appears to include user input in: a(n) [div] tag [ng-class] attribute The user input found was: q=test The user-controlled value was: test |
| URL | https://public-firing-range.appspot.com/angular/angular_body_attribute_non_ng_raw/1.4.0?q=test |
| Method | GET |
| Parameter | q |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://public-firing-range.appspot.com/angular/angular_body_attribute_non_ng_raw/1.4.0?q=test appears to include user input in: a(n) [div] tag [class] attribute The user input found was: q=test The user-controlled value was: test |
| URL | https://public-firing-range.appspot.com/redirect/meta?q=/ |
| Method | GET |
| Parameter | q |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://public-firing-range.appspot.com/redirect/meta?q=/ appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: q=/ The user-controlled value was: 0;/ |
| URL | https://public-firing-range.appspot.com/remoteinclude/parameter/object/application_x-shockwave-flash?q=https://google.com |
| Method | GET |
| Parameter | q |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://public-firing-range.appspot.com/remoteinclude/parameter/object/application_x-shockwave-flash?q=https://google.com appears to include user input in: a(n) [object] tag [data] attribute The user input found was: q=https://google.com The user-controlled value was: https://google.com |
| URL | https://public-firing-range.appspot.com/remoteinclude/parameter/object_raw?q=https://google.com |
| Method | GET |
| Parameter | q |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://public-firing-range.appspot.com/remoteinclude/parameter/object_raw?q=https://google.com appears to include user input in: a(n) [object] tag [data] attribute The user input found was: q=https://google.com The user-controlled value was: https://google.com |
| URL | https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://127.0.0.2/localhost_import.js |
| Method | GET |
| Parameter | q |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://127.0.0.2/localhost_import.js appears to include user input in: a(n) [script] tag [src] attribute The user input found was: q=http://127.0.0.2/localhost_import.js The user-controlled value was: http://127.0.0.2/localhost_import.js |
| URL | https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://192.168.1.2/private_network_import.js |
| Method | GET |
| Parameter | q |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://192.168.1.2/private_network_import.js appears to include user input in: a(n) [script] tag [src] attribute The user input found was: q=http://192.168.1.2/private_network_import.js The user-controlled value was: http://192.168.1.2/private_network_import.js |
| URL | https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://g00gle.com/typosquatting_domain.js |
| Method | GET |
| Parameter | q |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=http://g00gle.com/typosquatting_domain.js appears to include user input in: a(n) [script] tag [src] attribute The user input found was: q=http://g00gle.com/typosquatting_domain.js The user-controlled value was: http://g00gle.com/typosquatting_domain.js |
| URL | https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=https://google.com |
| Method | GET |
| Parameter | q |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://public-firing-range.appspot.com/remoteinclude/parameter/script?q=https://google.com appears to include user input in: a(n) [script] tag [src] attribute The user input found was: q=https://google.com The user-controlled value was: https://google.com |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | productid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/basket.jsp appears to include user input in: a(n) [table] tag [width] attribute The user input found was: productid=10 The user-controlled value was: 100% |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | productid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/basket.jsp appears to include user input in: a(n) [td] tag [width] attribute The user input found was: productid=16 The user-controlled value was: 16% |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | productid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/basket.jsp appears to include user input in: a(n) [td] tag [width] attribute The user input found was: productid=25 The user-controlled value was: 25% |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | productid |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/basket.jsp appears to include user input in: a(n) [td] tag [width] attribute The user input found was: productid=30 The user-controlled value was: 30% |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | quantity_1 |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/basket.jsp appears to include user input in: a(n) [input] tag [value] attribute The user input found was: quantity_1=33 The user-controlled value was: 33 |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | quantity_14 |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/basket.jsp appears to include user input in: a(n) [input] tag [value] attribute The user input found was: quantity_14=33 The user-controlled value was: 33 |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | quantity_23 |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/basket.jsp appears to include user input in: a(n) [input] tag [value] attribute The user input found was: quantity_23=33 The user-controlled value was: 33 |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | quantity_24 |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/basket.jsp appears to include user input in: a(n) [input] tag [value] attribute The user input found was: quantity_24=33 The user-controlled value was: 33 |
| URL | http://localhost:8090/bodgeit/basket.jsp |
| Method | POST |
| Parameter | update |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://localhost:8090/bodgeit/basket.jsp appears to include user input in: a(n) [input] tag [value] attribute The user input found was: update=Update Basket The user-controlled value was: update basket |
| URL | https://demo.guru99.com/Agile_Project/Agi_V1/index.php |
| Method | POST |
| Parameter | btnLogin |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/Agile_Project/Agi_V1/index.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: btnLogin=LOGIN The user-controlled value was: login |
| URL | https://demo.guru99.com/insurance/v1/header.php |
| Method | POST |
| Parameter | _method |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/insurance/v1/header.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: _method=patch The user-controlled value was: patch |
| URL | https://demo.guru99.com/insurance/v1/header.php |
| Method | POST |
| Parameter | user[dateofbirth(1i)] |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/insurance/v1/header.php appears to include user input in: a(n) [option] tag [value] attribute The user input found was: user[dateofbirth(1i)]=1989 The user-controlled value was: 1989 |
| URL | https://demo.guru99.com/insurance/v1/header.php |
| Method | POST |
| Parameter | user[title] |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/insurance/v1/header.php appears to include user input in: a(n) [option] tag [value] attribute The user input found was: user[title]=Mrs The user-controlled value was: mrs |
| URL | https://demo.guru99.com/Security/SEC_V1/index.php |
| Method | POST |
| Parameter | btnLogin |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/Security/SEC_V1/index.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: btnLogin=LOGIN The user-controlled value was: login |
| URL | https://demo.guru99.com/test/delete_customer.php |
| Method | POST |
| Parameter | submit |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/test/delete_customer.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit=Submit The user-controlled value was: submit |
| URL | https://demo.guru99.com/test/delete_customer.php |
| Method | POST |
| Parameter | submit |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/test/delete_customer.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit=Submit The user-controlled value was: submit |
| URL | https://demo.guru99.com/test/delete_customer.php |
| Method | POST |
| Parameter | submit |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/test/delete_customer.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit=Submit The user-controlled value was: submit |
| URL | https://demo.guru99.com/test/newtours/index.php |
| Method | POST |
| Parameter | action |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/test/newtours/index.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: action=process The user-controlled value was: process |
| URL | https://demo.guru99.com/test/newtours/index.php |
| Method | POST |
| Parameter | submit |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/test/newtours/index.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit=Submit The user-controlled value was: submit |
| URL | https://demo.guru99.com/test/newtours/index.php |
| Method | POST |
| Parameter | submit |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/test/newtours/index.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit=Submit The user-controlled value was: submit |
| URL | https://demo.guru99.com/test/newtours/index.php |
| Method | POST |
| Parameter | submit |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/test/newtours/index.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit=Submit The user-controlled value was: submit |
| URL | https://demo.guru99.com/test/newtours/login.php |
| Method | POST |
| Parameter | action |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/test/newtours/login.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: action=process The user-controlled value was: process |
| URL | https://demo.guru99.com/test/newtours/login.php |
| Method | POST |
| Parameter | submit |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/test/newtours/login.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit=Submit The user-controlled value was: submit |
| URL | https://demo.guru99.com/test/newtours/login.php |
| Method | POST |
| Parameter | submit |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/test/newtours/login.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit=Submit The user-controlled value was: submit |
| URL | https://demo.guru99.com/test/newtours/login.php |
| Method | POST |
| Parameter | submit |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/test/newtours/login.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit=Submit The user-controlled value was: submit |
| URL | https://demo.guru99.com/test/newtours/register.php |
| Method | POST |
| Parameter | country |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/test/newtours/register.php appears to include user input in: a(n) [option] tag [value] attribute The user input found was: country=ALGERIA The user-controlled value was: algeria |
| URL | https://demo.guru99.com/test/newtours/register.php |
| Method | POST |
| Parameter | mercury |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/test/newtours/register.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: mercury=process The user-controlled value was: process |
| URL | https://demo.guru99.com/V1/index.php |
| Method | POST |
| Parameter | btnLogin |
| Attack | |
| Evidence | |
| Other Info | User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://demo.guru99.com/V1/index.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: btnLogin=LOGIN The user-controlled value was: login |
| Instances | 64 |
| Solution |
Validate all input and sanitize output it before writing to any HTML attributes.
|
| Reference | https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html |
| CWE Id | 20 |
| WASC Id | 20 |
| Plugin Id | 10031 |
|
Informational |
User Controllable JavaScript Event (XSS) |
|---|---|
| Description |
This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.
|
| URL | https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_quoted/DOUBLE_QUOTED_ATTRIBUTE?q=a |
| Method | GET |
| Parameter | q |
| Attack | |
| Evidence | |
| Other Info | User-controlled javascript event(s) was found. Exploitability will need to be manually determined. The page at the following URL: https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_quoted/DOUBLE_QUOTED_ATTRIBUTE?q=a includes the following Javascript event which may be attacker-controllable: User-input was found in the following data of an [onclick] event: a The user input was: a |
| URL | https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_singlequoted/SINGLE_QUOTED_ATTRIBUTE?q=a |
| Method | GET |
| Parameter | q |
| Attack | |
| Evidence | |
| Other Info | User-controlled javascript event(s) was found. Exploitability will need to be manually determined. The page at the following URL: https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_singlequoted/SINGLE_QUOTED_ATTRIBUTE?q=a includes the following Javascript event which may be attacker-controllable: User-input was found in the following data of an [onclick] event: a The user input was: a |
| URL | https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_unquoted/UNQUOTED_ATTRIBUTE?q=a |
| Method | GET |
| Parameter | q |
| Attack | |
| Evidence | |
| Other Info | User-controlled javascript event(s) was found. Exploitability will need to be manually determined. The page at the following URL: https://public-firing-range.appspot.com/reflected/escapedparameter/js_eventhandler_unquoted/UNQUOTED_ATTRIBUTE?q=a includes the following Javascript event which may be attacker-controllable: User-input was found in the following data of an [onclick] event: a The user input was: a |
| Instances | 3 |
| Solution |
Validate all input and sanitize output it before writing to any Javascript on* events.
|
| Reference | https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html |
| CWE Id | 20 |
| WASC Id | 20 |
| Plugin Id | 10043 |